This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <55b33c1e-010e-5372-d05a-3c8e4566a754@canonical.com>
Subject: [USN-4988-1] ImageMagick vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4988-1
June 15, 2021

imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10:
  imagemagick                   8:6.9.10.23+dfsg-2.1ubuntu13.3
  imagemagick-6.q16             8:6.9.10.23+dfsg-2.1ubuntu13.3
  libmagick++-6.q16-8           8:6.9.10.23+dfsg-2.1ubuntu13.3
  libmagickcore-6.q16-6         8:6.9.10.23+dfsg-2.1ubuntu13.3
  libmagickcore-6.q16-6-extra   8:6.9.10.23+dfsg-2.1ubuntu13.3

Ubuntu 20.04 LTS:
  imagemagick                   8:6.9.10.23+dfsg-2.1ubuntu11.4
  imagemagick-6.q16             8:6.9.10.23+dfsg-2.1ubuntu11.4
  libmagick++-6.q16-8           8:6.9.10.23+dfsg-2.1ubuntu11.4
  libmagickcore-6.q16-6         8:6.9.10.23+dfsg-2.1ubuntu11.4
  libmagickcore-6.q16-6-extra   8:6.9.10.23+dfsg-2.1ubuntu11.4

Ubuntu 18.04 LTS:
  imagemagick                   8:6.9.7.4+dfsg-16ubuntu6.11
  imagemagick-6.q16             8:6.9.7.4+dfsg-16ubuntu6.11
  libmagick++-6.q16-7           8:6.9.7.4+dfsg-16ubuntu6.11
  libmagickcore-6.q16-3         8:6.9.7.4+dfsg-16ubuntu6.11
  libmagickcore-6.q16-3-extra   8:6.9.7.4+dfsg-16ubuntu6.11
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-4988-1
  CVE-2017-14528, CVE-2020-19667, CVE-2020-25665, CVE-2020-25666,
  CVE-2020-25674, CVE-2020-25675, CVE-2020-25676, CVE-2020-27750,
  CVE-2020-27751, CVE-2020-27753, CVE-2020-27754, CVE-2020-27755,
  CVE-2020-27756, CVE-2020-27757, CVE-2020-27758, CVE-2020-27759,
  CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763,
  CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767,
  CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771,
  CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775,
  CVE-2020-27776, CVE-2021-20176
Package Information:
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu13.3
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.4
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.11