========================================================================== Ubuntu Security Notice USN-5855-2 March 15, 2023 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 Ubuntu 22.04 LTS: imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 Ubuntu 20.04 LTS: imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.5 imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.5 libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.5 libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.5 libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5855-2 https://ubuntu.com/security/notices/USN-5855-1 CVE-2022-44267, CVE-2022-44268 Package Information: https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.5
Ubuntu 5855-2: ImageMagick vulnerabilities
March 15, 2023
Several security issues were fixed in ImageMagick.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 Ubuntu 22.04 LTS: imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 Ubuntu 20.04 LTS: imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.5 imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.5 libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.5 libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.5 libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.5 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5855-2
https://ubuntu.com/security/notices/USN-5855-1
CVE-2022-44267, CVE-2022-44268
Severity
Ubuntu Security Notice USN-5855-2
Package Information
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2 https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.5
News
HOWTOs
Features
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
About Us
Powered By
