USN-5158-1: ImageMagick vulnerabilities

Ubuntu 6581 Published 2021-11-30 08:15 by Philipp Esselbach

News

An ImageMagick security update has been released for Ubuntu Linux 14.04 ESM, 16.04 ESM, and 18.04 LTS.

Content-Language: en-US

==========================================================================
Ubuntu Security Notice USN-5158-1
November 29, 2021

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. (CVE-2021-20244)

It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. (CVE-2021-20246)

It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service (CVE-2021-20309)

It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. (CVE-2021-20312)

It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. (CVE-2021-20313)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.12

Ubuntu 16.04 ESM:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm1

Ubuntu 14.04 ESM:
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5158-1
CVE-2021-20244, CVE-2021-20246, CVE-2021-20309, CVE-2021-20312,
CVE-2021-20313

Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.12

openSUSE-SU-2021:1513-1: moderate: Security update for tor

DLA 2832-1: opensc security update

USN-5158-1: ImageMagick vulnerabilities

Windows

Linux

macOS

Community