Ubuntu 5335-1: ImageMagick vulnerabilities | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5335-1
March 18, 2022

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain values
when processing XPM image data or large images. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service or
possibly execute code with the privileges of the user invoking the program.
(CVE-2020-19667, CVE-2017-13144)

Suhwan Song discovered that ImageMagick incorrectly handled memory
when processing PNG,PALM,MIFF image data. If a user or automated system
using ImageMagick were tricked into opening a specially crafted image,
an attacker could exploit this to cause a denial of service or possibly
execute code with the privileges of the user invoking the program.
(CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753)

Suhwan Song discovered that ImageMagick incorrectly handled certain values
when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service.
(CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762,
CVE-2020-27766, CVE-2020-27770)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values
when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service.
(CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  imagemagick                     8:6.8.9.9-7ubuntu5.16+esm2
  imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm2
  imagemagick-common              8:6.8.9.9-7ubuntu5.16+esm2
  libimage-magick-perl            8:6.8.9.9-7ubuntu5.16+esm2
  libimage-magick-q16-perl        8:6.8.9.9-7ubuntu5.16+esm2
  libmagick++-6.q16-5v5           8:6.8.9.9-7ubuntu5.16+esm2
  libmagick++-6.q16-dev           8:6.8.9.9-7ubuntu5.16+esm2
  libmagickcore-6-arch-config     8:6.8.9.9-7ubuntu5.16+esm2
  libmagickcore-6-headers         8:6.8.9.9-7ubuntu5.16+esm2
  libmagickcore-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm2
  libmagickcore-6.q16-2-extra     8:6.8.9.9-7ubuntu5.16+esm2
  libmagickcore-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm2
  libmagickcore-dev               8:6.8.9.9-7ubuntu5.16+esm2
  libmagickwand-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm2
  libmagickwand-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm2
  perlmagick                      8:6.8.9.9-7ubuntu5.16+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5335-1
  CVE-2017-13144, CVE-2020-19667, CVE-2020-25664, CVE-2020-25665,
  CVE-2020-25674, CVE-2020-25676, CVE-2020-27750, CVE-2020-27753,
  CVE-2020-27760, CVE-2020-27762, CVE-2020-27766, CVE-2020-27770,
  CVE-2021-20176, CVE-2021-20241, CVE-2021-20243

Ubuntu 5335-1: ImageMagick vulnerabilities

March 21, 2022
Several security issues were fixed in ImageMagick.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: It was discovered that ImageMagick incorrectly handled certain values when processing XPM image data or large images. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-19667, CVE-2017-13144) Suhwan Song discovered that ImageMagick incorrectly handled memory when processing PNG,PALM,MIFF image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753) Suhwan Song discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762, CVE-2020-27766, CVE-2020-27770) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: imagemagick 8:6.8.9.9-7ubuntu5.16+esm2 imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm2 imagemagick-common 8:6.8.9.9-7ubuntu5.16+esm2 libimage-magick-perl 8:6.8.9.9-7ubuntu5.16+esm2 libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm2 libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm2 libmagick++-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6-arch-config 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6-headers 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm2 libmagickcore-dev 8:6.8.9.9-7ubuntu5.16+esm2 libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm2 libmagickwand-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm2 perlmagick 8:6.8.9.9-7ubuntu5.16+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5335-1

CVE-2017-13144, CVE-2020-19667, CVE-2020-25664, CVE-2020-25665,

CVE-2020-25674, CVE-2020-25676, CVE-2020-27750, CVE-2020-27753,

CVE-2020-27760, CVE-2020-27762, CVE-2020-27766, CVE-2020-27770,

CVE-2021-20176, CVE-2021-20241, CVE-2021-20243

Severity
Ubuntu Security Notice USN-5335-1

Package Information

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.