|
|
Subscribe / Log in / New account

Ubuntu alert USN-7164-1 (imagemagick)



From:
              Chrisa Oikonomou <chrisa.oikonomou@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7164-1] ImageMagick vulnerability


Date:
              Tue, 17 Dec 2024 14:15:52 +0200


Message-ID:
              <3be7dac7-0369-4fb9-8c55-eefc9f402e95@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7164-1
December 17, 2024

imagemagick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

ImageMagick could be made to crash if it received specially crafted
input.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly exploit this to cause a denial of
service.


Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   imagemagick                     8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro
   perlmagick                      8:6.7.7.10-6ubuntu3.13+esm12
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7164-1 
<https://ubuntu.com/security/notices/USN-7164-1>
   CVE-2021-20176, CVE-2021-20241, CVE-2021-20243




Attachment: None (type=text/html)

(HTML attachment elided)



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmdha3kFAwAAAAAACgkQC+du+fOjiEzw
dgv/axk6Qr+8slZbc48rtgP4o1U1a+A3/O5ziG4OGfcXraVP4i2fQk/fcyUmsL+eAbENJzkZDpgt
XYeQIByVAesPL7F9Z1NclvUCH0Pii54tnlmVhEW772MQvMCLaOqcidqdJNNolyqCjlKhIschq8tp
W0cJJ3UmofLee/pshVy28rhF4GqIEVmOzJhcy4tfFbcUzLz4YFyaa7/hraji6JLFz57pf3qLxDAN
vFjHi2W2dl9TRFRCpfN2H/6RkMyqE9k7MBkvFfojLGUmAniKxm6gJZ0w352wfnzKVJeDu7USqOfN
4ZbtIPSRKW1fmBGJyJVVb8U3kIJZ9PFKxEv/YCwenkxL+rDvZupmbK7oju91uHAcg7JSW2GX4qnp
xYjDir+NJzOCNfqZcdxHtvQ4dhkJlsZHlsNaly0R+DhdbeXtgUjRJUTOP1bxhwyKN5RiSCF/NGzm
QqhjwiE419SB5LntIBG2IvfMgWOfhnfWmw0NabewIYbnX7veckWwUnnR6OpT
=bHoq
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds