Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
Due to a large number of issues discovered in GhostScript that prevent
it from being used by ImageMagick safely, this update includes a
default policy change that disables support for the Postscript and
PDF formats in ImageMagick. This policy can be overridden if necessary
by using an alternate ImageMagick policy configuration.
It was discovered that several memory leaks existed when handling
certain images in ImageMagick. An attacker could use this to cause a
denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436,
CVE-2018-14437, CVE-2018-16640, CVE-2018-16750)
It was discovered that ImageMagick did not properly initialize a
variable before using it when processing MAT images. An attacker could
use this to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14551)
It...
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: imagemagick 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.4 libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.4 Ubuntu 16.04 LTS: imagemagick 8:6.8.9.9-7ubuntu5.13 imagemagick-6.q16 8:6.8.9.9-7ubuntu5.13 libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.13 libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.13 libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.13 Ubuntu 14.04 LTS: imagemagick 8:6.7.7.10-6ubuntu3.13 libmagick++5 8:6.7.7.10-6ubuntu3.13 libmagickcore5 8:6.7.7.10-6ubuntu3.13 libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3785-1
CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437,
CVE-2018-14551, CVE-2018-16323, CVE-2018-16640, CVE-2018-16642,
CVE-2018-16643, CVE-2018-16644, CVE-2018-16645, CVE-2018-16749,
CVE-2018-16750, https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1793485
Get the latest Linux and open source security news straight to your inbox.