Ubuntu Security Notice 3142-2 - USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.
6bd0ad7bc46bd1aec3d550bb978fdd2857a665eafe7bbbd3d348eff865feec3f
===========================================================================
Ubuntu Security Notice USN-3142-2
February 22, 2017
imagemagick regression
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3142-1 introduced a regression in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes
introduced a regression with text labels and a regression with the text
coder. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
imagemagick 8:6.8.9.9-7ubuntu8.3
imagemagick-6.q16 8:6.8.9.9-7ubuntu8.3
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.3
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.3
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.3
Ubuntu 16.04 LTS:
imagemagick 8:6.8.9.9-7ubuntu5.4
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.4
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.4
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.4
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.4
Ubuntu 14.04 LTS:
imagemagick 8:6.7.7.10-6ubuntu3.4
libmagick++5 8:6.7.7.10-6ubuntu3.4
libmagickcore5 8:6.7.7.10-6ubuntu3.4
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.4
Ubuntu 12.04 LTS:
imagemagick 8:6.6.9.7-5ubuntu3.7
libmagick++4 8:6.6.9.7-5ubuntu3.7
libmagickcore4 8:6.6.9.7-5ubuntu3.7
libmagickcore4-extra 8:6.6.9.7-5ubuntu3.7
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3142-2
http://www.ubuntu.com/usn/usn-3142-1
https://launchpad.net/bugs/1589580, https://launchpad.net/bugs/1646485
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu8.3
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.4
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.4
https://launchpad.net/ubuntu/+source/imagemagick/8:6.6.9.7-5ubuntu3.7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed