Ubuntu Security Notice USN-6621-1
Ubuntu Security Notice 6621-1 - It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6621-1
February 01, 2024
imagemagick vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
ImageMagick could be made to crash if it opened a specially crafted
file.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain values when
processing BMP files. An attacker could exploit this to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
Ubuntu 20.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm3
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm3
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm3
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.8.9.9-7ubuntu5.16+esm10
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm10
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm10
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm10
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.7.7.10-6ubuntu3.13+esm7
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm7
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6621-1
CVE-2023-5341
Related news
Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.
Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.