Wednesday, September 4, 2024

[USN-6985-1] ImageMagick vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmbYbgUFAwAAAAAACgkQC+du+fOjiEz4
eQv/ZLDaMITZlLSjX/i2b2ROOlzy7ynebk372MskuBgJ2iZmpgzmHBY7sMYmFawkGBnsSV299Jtl
UQ77jlMR6ZV/BGe/CH92Tmz+igHk8rWywPbUPmpaKbArZoHVWzXtIo34ro/a/cOeX1fRGpPu1+Oy
PeIODD0JMAZ1gnZ6AY5gOQ9C5ruI/TqNFcUzGy8F5Xd7XuHA2XzCnjENY9nxZSTJDeBgzH4KCSqR
6F4tZI+R1PcMCfGR3GtmRY1bZW9FRmRbekIeQ3l131ejt7YFhzV7oYzR0sqmK2QdWcxwGVgV9oQm
+1XoTK1S8spoe36hTWyCBcwCt2wN6Zoxo7beAYGjAkOnsv4QWmF2OsW3j63u5yDvl/qKa7YKLppv
SixTynMu932T5ku25ZkM6t5Gv5OJrBdKIGn6D/S3eWBS+uiSr5O/MaSk4/77/xEH64vdfu0vl9wE
I2v5Pfv8l8PmjE4vLoTaldgY26rnn88AvkPoM1YID1S5fyWm+z2SW5W4FZSR
=0FoU
-----END PGP SIGNATURE-----

==========================================================================
Ubuntu Security Notice USN-6985-1
September 04, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
 cause a denial of service or execute code with the privileges of the user
invoking the program.


Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6985-1
  CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472,
  CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975,
  CVE-2019-12976, CVE-2019-12978, CVE-2019-12979

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)