Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in ImageMagick
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ImageMagick
ID: USN-6980-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS
Datum: Fr, 23. August 2024, 06:42
Referenzen: https://www.cve.org/CVERecord?id=CVE-2018-18024
https://www.cve.org/CVERecord?id=CVE-2018-16413
https://www.cve.org/CVERecord?id=CVE-2018-18025
https://www.cve.org/CVERecord?id=CVE-2018-18016
https://www.cve.org/CVERecord?id=CVE-2018-16412
https://www.cve.org/CVERecord?id=CVE-2018-17966
https://www.cve.org/CVERecord?id=CVE-2017-13144
https://www.cve.org/CVERecord?id=CVE-2017-12805
https://www.cve.org/CVERecord?id=CVE-2018-20467
https://ubuntu.com/security/notices/USN-6980-1
https://www.cve.org/CVERecord?id=CVE-2017-12806
Applikationen: ImageMagick

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4191322629354125272==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------on1WB2o0Leka00QgczRoflzx"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------on1WB2o0Leka00QgczRoflzx
Content-Type: multipart/mixed;
 boundary="------------pJuTRk4jyY1PnRnbkFM14aaR";
 protected-headers="v1"
From: Chrisa Oikonomou <chrisa.oikonomou@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <071e6816-49cd-404f-82a2-0eddfcc11bcc@canonical.com>
Subject: [USN-6980-1] ImageMagick vulnerabilities

--------------pJuTRk4jyY1PnRnbkFM14aaR
Content-Type: multipart/alternative;
 boundary="------------0lTMA6JP4iiecdFqGD83o2B3"

--------------0lTMA6JP4iiecdFqGD83o2B3
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==============================

============================================
Ubuntu Security Notice USN-6980-1
August 22, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   imagemagick                     8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro
   perlmagick                      8:6.7.7.10-6ubuntu3.13+esm8
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6980-1 
<https://ubuntu.com/security/notices/USN-6980-1>
   CVE-2017-12805, CVE-2017-12806, CVE-2017-13144, CVE-2018-16412,
   CVE-2018-16413, CVE-2018-17966, CVE-2018-18016, CVE-2018-18024,
   CVE-2018-18025, CVE-2018-20467
--------------0lTMA6JP4iiecdFqGD83o2B3
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCiAgPGhlYWQ+DQoNCiAgICA8bWV0YSBodHRwLWVx
dWl2PSJjb250ZW50LXR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCI+
DQogIDwvaGVhZD4NCiAgPGJvZHk+DQogICAgPHA+PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PC9wPg0KICAgIDxkaXYgaWQ9Ijo2cHAiIGNsYXNzPSJhM3MgYWlMICI+PHdicj49
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT08d2JyPj09PT09PT09PT09PT09PGJyPg0K
ICAgICAgVWJ1bnR1IFNlY3VyaXR5IE5vdGljZSBVU04tNjk4MC0xPGJyPg0KICAgICAgQXVn
dXN0IDIyLCAyMDI0PGJyPg0KICAgICAgPGJyPg0KICAgICAgaW1hZ2VtYWdpY2sgdnVsbmVy
YWJpbGl0aWVzPGJyPg0KICAgICAgPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PHdi
cj49PT09PT09PT09PT09PT09PT09PT09PT09PT09PT08d2JyPj09PT09PT09PT09PT09PGJy
Pg0KICAgICAgPGJyPg0KICAgICAgQSBzZWN1cml0eSBpc3N1ZSBhZmZlY3RzIHRoZXNlIHJl
bGVhc2VzIG9mIFVidW50dSBhbmQgaXRzDQogICAgICBkZXJpdmF0aXZlczo8YnI+DQogICAg
ICA8YnI+DQogICAgICAtIFVidW50dSAxNC4wNCBMVFM8YnI+DQogICAgICA8YnI+DQogICAg
ICBTdW1tYXJ5Ojxicj4NCiAgICAgIDxicj4NCiAgICAgIFNldmVyYWwgc2VjdXJpdHkgaXNz
dWVzIHdlcmUgZml4ZWQgaW4gSW1hZ2VNYWdpY2suPGJyPg0KICAgICAgPGJyPg0KICAgICAg
U29mdHdhcmUgRGVzY3JpcHRpb246PGJyPg0KICAgICAgLSBpbWFnZW1hZ2ljazogSW1hZ2Ug
bWFuaXB1bGF0aW9uIHByb2dyYW1zIGFuZCBsaWJyYXJ5PGJyPg0KICAgICAgPGJyPg0KICAg
ICAgRGV0YWlsczo8YnI+DQogICAgICA8YnI+DQogICAgICBJdCB3YXMgZGlzY292ZXJlZCB0
aGF0IEltYWdlTWFnaWNrIGluY29ycmVjdGx5IGhhbmRsZWQgY2VydGFpbg0KICAgICAgbWFs
Zm9ybWVkPGJyPg0KICAgICAgaW1hZ2UgZmlsZXMuIElmIGEgdXNlciBvciBhdXRvbWF0ZWQg
c3lzdGVtIHVzaW5nIEltYWdlTWFnaWNrIHdlcmUNCiAgICAgIHRyaWNrZWQ8YnI+DQogICAg
ICBpbnRvIG9wZW5pbmcgYSBzcGVjaWFsbHkgY3JhZnRlZCBpbWFnZSwgYW4gYXR0YWNrZXIg
Y291bGQgZXhwbG9pdA0KICAgICAgdGhpcyB0bzxicj4NCiAgICAgIGNhdXNlIGEgZGVuaWFs
IG9mIHNlcnZpY2Ugb3IgcG9zc2libHkgZXhlY3V0ZSBjb2RlIHdpdGggdGhlDQogICAgICBw
cml2aWxlZ2VzIG9mPGJyPg0KICAgICAgdGhlIHVzZXIgaW52b2tpbmcgdGhlIHByb2dyYW0u
PGJyPg0KICAgICAgPGJyPg0KICAgICAgVXBkYXRlIGluc3RydWN0aW9uczo8YnI+DQogICAg
ICA8YnI+DQogICAgICBUaGUgcHJvYmxlbSBjYW4gYmUgY29ycmVjdGVkIGJ5IHVwZGF0aW5n
IHlvdXIgc3lzdGVtIHRvIHRoZQ0KICAgICAgZm9sbG93aW5nPGJyPg0KICAgICAgcGFja2Fn
ZSB2ZXJzaW9uczo8YnI+DQogICAgICA8YnI+DQogICAgICBVYnVudHUgMTQuMDQgTFRTPGJy
Pg0KICAgICAgwqAgaW1hZ2VtYWdpY2vCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDC
oDg6Ni43LjcuMTAtNnVidW50dTMuMTMrZXNtODxicj4NCiAgICAgIMKgIMKgIMKgIMKgIMKg
IMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIEF2YWlsYWJsZSB3aXRoIFVi
dW50dSBQcm88YnI+DQogICAgICDCoCBsaWJtYWdpY2srKy1kZXbCoCDCoCDCoCDCoCDCoCDC
oCDCoCDCoCDCoDg6Ni43LjcuMTAtNnVidW50dTMuMTMrZXNtODxicj4NCiAgICAgIMKgIMKg
IMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIEF2YWlsYWJs
ZSB3aXRoIFVidW50dSBQcm88YnI+DQogICAgICDCoCBsaWJtYWdpY2srKzXCoCDCoCDCoCDC
oCDCoCDCoCDCoCDCoCDCoCDCoCA4OjYuNy43LjEwLTZ1YnVudHUzLjEzK2VzbTg8YnI+DQog
ICAgICDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDC
oCBBdmFpbGFibGUgd2l0aCBVYnVudHUgUHJvPGJyPg0KICAgICAgwqAgbGlibWFnaWNrY29y
ZS1kZXbCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoDg6Ni43LjcuMTAtNnVidW50dTMuMTMrZXNt
ODxicj4NCiAgICAgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKg
IMKgIMKgIMKgIEF2YWlsYWJsZSB3aXRoIFVidW50dSBQcm88YnI+DQogICAgICDCoCBsaWJt
YWdpY2tjb3JlNcKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIDg6Ni43LjcuMTAtNnVidW50
dTMuMTMrZXNtODxicj4NCiAgICAgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKg
IMKgIMKgIMKgIMKgIMKgIMKgIEF2YWlsYWJsZSB3aXRoIFVidW50dSBQcm88YnI+DQogICAg
ICDCoCBsaWJtYWdpY2tjb3JlNS1leHRyYcKgIMKgIMKgIMKgIMKgIMKgIDg6Ni43LjcuMTAt
NnVidW50dTMuMTMrZXNtODxicj4NCiAgICAgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKg
IMKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgIEF2YWlsYWJsZSB3aXRoIFVidW50dSBQcm88YnI+
DQogICAgICDCoCBsaWJtYWdpY2t3YW5kLWRldsKgIMKgIMKgIMKgIMKgIMKgIMKgIMKgODo2
LjcuNy4xMC02dWJ1bnR1My4xMytlc204PGJyPg0KICAgICAgwqAgwqAgwqAgwqAgwqAgwqAg
wqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgQXZhaWxhYmxlIHdpdGggVWJ1bnR1
IFBybzxicj4NCiAgICAgIMKgIGxpYm1hZ2lja3dhbmQ1wqAgwqAgwqAgwqAgwqAgwqAgwqAg
wqAgwqAgODo2LjcuNy4xMC02dWJ1bnR1My4xMytlc204PGJyPg0KICAgICAgwqAgwqAgwqAg
wqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgQXZhaWxhYmxlIHdp
dGggVWJ1bnR1IFBybzxicj4NCiAgICAgIMKgIHBlcmxtYWdpY2vCoCDCoCDCoCDCoCDCoCDC
oCDCoCDCoCDCoCDCoCDCoCA4OjYuNy43LjEwLTZ1YnVudHUzLjEzK2VzbTg8YnI+DQogICAg
ICDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCBB
dmFpbGFibGUgd2l0aCBVYnVudHUgUHJvPGJyPg0KICAgICAgPGJyPg0KICAgICAgSW4gZ2Vu
ZXJhbCwgYSBzdGFuZGFyZCBzeXN0ZW0gdXBkYXRlIHdpbGwgbWFrZSBhbGwgdGhlIG5lY2Vz
c2FyeQ0KICAgICAgY2hhbmdlcy48YnI+DQogICAgICA8YnI+DQogICAgICBSZWZlcmVuY2Vz
Ojxicj4NCiAgICAgIMKgIDxhIGhyZWY9Imh0dHBzOi8vdWJ1bnR1LmNvbS9zZWN1cml0eS9u
b3RpY2VzL1VTTi02OTgwLTEiDQogICAgICAgIHJlbD0ibm9yZWZlcnJlciIgdGFyZ2V0PSJf
YmxhbmsiDQpkYXRhLXNhZmVyZWRpcmVjdHVybD0iaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS91
cmw/cT1odHRwczovL3VidW50dS5jb20vc2VjdXJpdHkvbm90aWNlcy9VU04tNjk4MC0xJmFt
cDtzb3VyY2U9Z21haWwmYW1wO3VzdD0xNzI0NDMzNzE1Njk0MDAwJmFtcDt1c2c9QU92VmF3
M0szX1F6TVNra0w2cTVGNHdyb3g4cyI+aHR0cHM6Ly91YnVudHUuY29tL3NlY3VyaXR5L25v
PHdicj50aWNlcy9VU04tNjk4MC0xPC9hPjxicj4NCiAgICAgIMKgIENWRS0yMDE3LTEyODA1
LCBDVkUtMjAxNy0xMjgwNiwgQ1ZFLTIwMTctMTMxNDQsIENWRS0yMDE4LTE2NDEyLDxicj4N
CiAgICAgIMKgIENWRS0yMDE4LTE2NDEzLCBDVkUtMjAxOC0xNzk2NiwgQ1ZFLTIwMTgtMTgw
MTYsIENWRS0yMDE4LTE4MDI0LDxicj4NCiAgICAgIMKgIENWRS0yMDE4LTE4MDI1LCBDVkUt
MjAxOC0yMDQ2NzwvZGl2Pg0KICA8L2JvZHk+DQo8L2h0bWw+DQo=

--------------0lTMA6JP4iiecdFqGD83o2B3--

--------------pJuTRk4jyY1PnRnbkFM14aaR--

--------------on1WB2o0Leka00QgczRoflzx
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmbHmEsFAwAAAAAACgkQC+du+fOjiEwJ
Ogv9GQSAYSFe52d89w8iSsqAVbay7FTK9cyeW0iZGyGb0NCR+s8Nwr08admOjEQd7ZlgbHIDg/mJ
hBHMAKKGBVZwzPS0zIreJHWFHtvq68W0Rqk0y10IUsF+mU9CakxhQzpSROC2LJYyMjDGPEQ3aJ3j
ngrGx1dXqsxkIhlhqTxvy4Ch2pOjXkbPFdqMu1OUlBynX/DQwSVBEjWf7XzZ/vU7yM0cf+3foRmK
EnaPZx98GJ/w99m+Qemr6OQ99ByshNG5hBY9jUfOIzfGUJ4FdajXpJppQZxiNIc+rLKURuYicPZV
GdEQ765B3nWDFsIA1kMMZs6xsYfuoC16kOoUEFTpOfrExlqDBvi70esjZ3v9zDf+F85pvKGSCIqm
xw3L4Ngk2ZZd6KU6MLGpHZJXiL4QuPQ4n//w2pgcNNnwp3ij/e2QFkIslXaG1AKgEDMTQrPrD3hB
vlT3r6HE9iW0OX12LmLmdPg6FqaA4PYdBsv5FRoiM5x+onhvFPqB0xCWbjZE
=agM4
-----END PGP SIGNATURE-----

--------------on1WB2o0Leka00QgczRoflzx--


--===============4191322629354125272==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============4191322629354125272==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung