Ubuntu Security Notice USN-5855-2

Ubuntu Security Notice 5855-2 - USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-5855-2
March 15, 2023

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:

  • imagemagick: Image manipulation programs and library

Details:

USN-5855-1 fixed a vulnerability in ImageMagick. This update provides
the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
22.10.

Original advisory details:

It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2

Ubuntu 22.04 LTS:
imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1

Ubuntu 20.04 LTS:
imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.5
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.5
libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.5
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.5
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5855-2
https://ubuntu.com/security/notices/USN-5855-1
CVE-2022-44267, CVE-2022-44268

Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.5

Related news

Gentoo Linux Security Advisory 202405-02

Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.

Ubuntu Security Notice USN-5855-4

Ubuntu Security Notice 5855-4 - USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.

Debian Security Advisory 5347-1

Debian Linux Security Advisory 5347-1 - Bryan Gonzalez discovered that the PNG support in Imagemagick could be tricked into embedding the content of an arbitrary file when converting an image file.

Ubuntu Security Notice USN-5855-1

Ubuntu Security Notice 5855-1 - It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.

CVE-2022-44267: ImageMagick

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. A
