Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in GraphicsMagick
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in GraphicsMagick
ID: USN-5974-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM
Datum: Mo, 27. März 2023, 23:12
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20184
https://launchpad.net/ubuntu/+source/graphicsmagick/1.4+really1.3.35-1ubuntu0.1
Applikationen: GraphicsMagick

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8233065603487849362==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------3HoCFbpTXXGZ029mUTfqFL7e"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------3HoCFbpTXXGZ029mUTfqFL7e
Content-Type: multipart/mixed;
 boundary="------------MAPdpZHkFDAdpS5uG8ZZ7k4R";
 protected-headers="v1"
From: Camila Camargo de Matos <camila.camargodematos@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <29bdcbb4-756d-b20f-1c55-d864eb395441@canonical.com>
Subject: [USN-5974-1] GraphicsMagick vulnerabilities

--------------MAPdpZHkFDAdpS5uG8ZZ7k4R
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-5974-1
March 27, 2023

graphicsmagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in GraphicsMagick.

Software Description:
- graphicsmagick: collection of image processing tools

Details:

It was discovered that GraphicsMagick was not properly performing bounds
checks when processing TGA image files, which could lead to a heap buffer
overflow. If a user or automated system were tricked into processing a
specially crafted TGA image file, an attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20184)

It was discovered that GraphicsMagick was not properly validating bits per
pixel data when processing DIB image files. If a user or automated system
were tricked into processing a specially crafted DIB image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2018-20189)

It was discovered that GraphicsMagick was not properly processing
bit-field mask values in BMP image files, which could result in the
execution of an infinite loop. If a user or automated system were tricked
into processing a specially crafted BMP image file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685)

It was discovered that GraphicsMagick was not properly validating data
used in arithmetic operations when processing MNG image files, which
could result in a divide-by-zero error. If a user or automated system were
tricked into processing a specially crafted MNG image file, an attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018)

It was discovered that GraphicsMagick was not properly performing bounds
checks when processing MIFF image files, which could lead to a heap buffer
overflow. If a user or automated system were tricked into processing a
specially crafted MIFF image file, an attacker could possibly use this
issue to cause a denial of service or expose sensitive information. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2019-11006)

It was discovered that GraphicsMagick did not properly magnify certain
MNG image files, which could lead to a heap buffer overflow. If a user or
automated system were tricked into processing a specially crafted MNG
image file, an attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-12672)

It was discovered that GraphicsMagick was not properly performing bounds
checks when parsing certain MIFF image files, which could lead to a heap
buffer overflow. If a user or automated system were tricked into
processing a specially crafted MIFF image file, an attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
(CVE-2022-1270)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   graphicsmagick                  1.4+really1.3.35-1ubuntu0.1
   libgraphicsmagick-q16-3         1.4+really1.3.35-1ubuntu0.1

Ubuntu 18.04 LTS:
   graphicsmagick                  1.3.28-2ubuntu0.2+esm1
   libgraphicsmagick-q16-3         1.3.28-2ubuntu0.2+esm1

Ubuntu 16.04 ESM:
   graphicsmagick                  1.3.23-1ubuntu0.6+esm2
   libgraphicsmagick-q16-3         1.3.23-1ubuntu0.6+esm2

Ubuntu 14.04 ESM:
   graphicsmagick                  1.3.18-1ubuntu3.1+esm8
   libgraphicsmagick3              1.3.18-1ubuntu3.1+esm8

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5974-1
   CVE-2018-20184, CVE-2018-20189, CVE-2018-5685, CVE-2018-9018,
   CVE-2019-11006, CVE-2020-12672, CVE-2022-1270

Package Information:
https://launchpad.net/ubuntu/+source/graphicsmagick/1.4+really1.3.35-1ubuntu0.1


--------------MAPdpZHkFDAdpS5uG8ZZ7k4R--

--------------3HoCFbpTXXGZ029mUTfqFL7e
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEGq96SdAIJY1vInRLbzAtCH6LqTYFAmQhzvUFAwAAAAAACgkQbzAtCH6LqTaZ
GggAhrvNypd2dWktfMpocyuL7ALgOex90bWB9sYaPViQW1rrnNuXGLHUNgUk7sfNT0MRdC+Xw7oA
WLQUpDRfKeuHKOUu56mEIIR1aUwTNevYhRdTYQmEokvs+y2KEsiZh9qyFHCzcjl2E/X/g0F+DCKy
EW9OkcXCF0CrRHBbKuP4mlzfxC73DRyDLnlOHMal9xpnZWNbQMSwoT3+QLab95C/y2Fz2rpuLgBT
wF1CVqYv6pEPx5zKMpPvhjpWSBBvRx1r+b67YDGUIfR6+nNDzbdeu77vECaip5ci0aiH7i7lHJ5w
XfcNywN/OcF5Jlbmxm0QOmgnlrWCzmd7ubZTYXSOLQ==
=V1q1
-----END PGP SIGNATURE-----

--------------3HoCFbpTXXGZ029mUTfqFL7e--


--===============8233065603487849362==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============8233065603487849362==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung