Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 LTS: USN-4549-1 Critical: ImageMagick DOS Risk

ubuntu
Calendar Grey September 28, 2020
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4550-2 concerns vulnerabilities in the OpenSSL library that may cause security risks.
ImageMagick could be made to crash if it opened a specially crafted file.

Summary

ImageMagick could be made to crash if it opened a specially crafted

file.

Software Description:

- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain specially

crafted image files. If a user or automated system using ImageMagick were

tricked into opening a specially crafted image, an attacker could exploit

this to cause a denial of service or other unspecified impact.

(CVE-2019-19948, CVE-2019-19949)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  imagemagick                     8:6.9.10.23+dfsg-2.1ubuntu11.1
  imagemagick-6.q16               8:6.9.10.23+dfsg-2.1ubuntu11.1
  libmagick++-6.q16-8             8:6.9.10.23+dfsg-2.1ubuntu11.1
  libmagickcore-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4549-1

CVE-2019-19948, CVE-2019-19949

Severity
critical
Lowest
Low
Medium
High
Critical

September 28, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here