==========================================================================
Ubuntu Security Notice USN-4034-1
June 25, 2019
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
– imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Due to a large number of issues discovered in GhostScript that prevent it
from being used by ImageMagick safely, the update for Ubuntu 18.10 and
Ubuntu 19.04 includes a default policy change that disables support for the
Postscript and PDF formats in ImageMagick. This policy can be overridden if
necessary by using an alternate ImageMagick policy configuration.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
imagemagick 8:6.9.10.14+dfsg-7ubuntu2.2
imagemagick-6.q16 8:6.9.10.14+dfsg-7ubuntu2.2
libmagick++-6.q16-8 8:6.9.10.14+dfsg-7ubuntu2.2
libmagickcore-6.q16-6 8:6.9.10.14+dfsg-7ubuntu2.2
libmagickcore-6.q16-6-extra 8:6.9.10.14+dfsg-7ubuntu2.2
Ubuntu 18.10:
imagemagick 8:6.9.10.8+dfsg-1ubuntu2.2
imagemagick-6.q16 8:6.9.10.8+dfsg-1ubuntu2.2
libmagick++-6.q16-8 8:6.9.10.8+dfsg-1ubuntu2.2
libmagickcore-6.q16-6 8:6.9.10.8+dfsg-1ubuntu2.2
libmagickcore-6.q16-6-extra 8:6.9.10.8+dfsg-1ubuntu2.2
Ubuntu 18.04 LTS:
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.7
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.7
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.7
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.7
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.7
Ubuntu 16.04 LTS:
imagemagick 8:6.8.9.9-7ubuntu5.14
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.14
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.14
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.14
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.14
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4034-1
CVE-2017-12805, CVE-2017-12806, CVE-2018-14434, CVE-2018-15607,
CVE-2018-16323, CVE-2018-16412, CVE-2018-16413, CVE-2018-16644,
CVE-2018-16645, CVE-2018-17965, CVE-2018-17966, CVE-2018-18016,
CVE-2018-18023, CVE-2018-18024, CVE-2018-18025, CVE-2018-18544,
CVE-2018-20467, CVE-2019-10131, CVE-2019-10649, CVE-2019-10650,
CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598,
CVE-2019-7175, CVE-2019-7395, CVE-2019-7396, CVE-2019-7397,
CVE-2019-7398, CVE-2019-9956
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.14+dfsg-7ubuntu2.2
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.8+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.7
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.14
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0SJIkACgkQZWnYVadE
vpOBjBAAotlbPkuuuvzmzYU/FU3sTS2ogJ2S3i+Zw3nWDyJH41rRw1/kI0+smyyu
vGg1AkvfMllHAAPm8yj1gCI1BJlCubpQsajNQGRY/zwjOHO+c7acru9vfdD7vA+E
Kjz+10/oSwD8cQs+Qc/IIel2+dyhvTNmnxXf5bd1DK6L0dMU+7dnQmKA1kirax3E
bLI4ZK6FPm9EWa2h351Oy+oVoummPmA21kMksHtymBy3yqlyVluvkDhceqCKSRCR
EMYbYe1o11ZlR27td3oBbP0RiA6loVJ3EW6Md1GjCbQSzoXySi8c6fxSqQpbij90
0ssoFdQiAM5vFTTyhZDcy7QYN0h5DQGrvG4myM16Nv+IjRG2mBd2kGTmv5kCvx9c
K+VersNRM1WHJkCNOLELehSefl42UPGYSb720k6k83lJruvQwFbjpljFSsfJPNEr
XM9PhZZJUrImnxczBQRVG6T29O853a7AKL439Tb8l1znpfK12djzPxsZmkPn315q
NHLyk3YWJwsxYgtz2xdlWQASCv3yc6MtoNVGsewOA6SOjwfZaVj3NEztk6UEMVyx
YxziRKBMDPbEKDtLQ+EG+tYb0/RB83U+J7fqUm5eM2RzqOZUKyy5BeDtvYlkK6qs
sjz5+c0DaJ+4afZDAsz57olz2UoE7ok5V/Cfe0SmGXpqPlClJjI=
=njY5
—–END PGP SIGNATURE—–
—