Ubuntu alert USN-6393-1 (imagemagick)
| From: | Ian Constantin <ian.constantin@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6393-1] ImageMagick vulnerability | |
| Date: | Thu, 21 Sep 2023 18:21:46 +0300 | |
| Message-ID: | <07909371-c41d-4740-8900-3d289c02b16f@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6393-1 September 21, 2023 imagemagick vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: ImageMagick could be made to crash when processing the -help option. Software Description: - imagemagick: Image manipulation programs and library Details: It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS (Available with Ubuntu Pro): imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1 imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1 imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): imagemagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): imagemagick 8:6.8.9.9-7ubuntu5.16+esm9 imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm9 Ubuntu 14.04 LTS (Available with Ubuntu Pro): imagemagick 8:6.7.7.10-6ubuntu3.13+esm6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6393-1 CVE-2022-48541