Ubuntu Security Notice USN-6200-1

Ubuntu Security Notice USN-6200-1: Posted Jul 4, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.; tags | advisory, denial of service, arbitrary, shell, code execution; systems | linux, ubuntu; advisories | CVE-2020-29599, CVE-2021-20224, CVE-2021-20244, CVE-2021-20246, CVE-2021-20312, CVE-2021-20313, CVE-2021-39212, CVE-2022-32545, CVE-2023-1289, CVE-2023-1906, CVE-2023-3195, CVE-2023-34151, CVE-2023-3428; SHA-256 | 4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882; Download | Favorite | View

Ubuntu Security Notice USN-6200-1

==========================================================================
Ubuntu Security Notice USN-6200-1
July 04, 2023

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)

It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20224)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)

It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20244, CVE-2021-20309)

It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20246)

It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20312)

It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-20313)

It was discovered that ImageMagick did not use the correct rights when
specifically excluded by a module policy. An attacker could use this issue
to read and write certain restricted files. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-39212)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,
CVE-2023-3428)

It was discovered that ImageMagick incorrectly handled certain values
when processing specially crafted SVG files. By tricking a user into
opening a specially crafted SVG file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
tiff file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. (CVE-2023-34151)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  imagemagick                     8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  imagemagick-6-common            8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  imagemagick-common              8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libimage-magick-perl            8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagick++-6.q16hdri-dev       8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagick++-dev                 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickcore-dev               8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  libmagickwand-dev               8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  perlmagick                      8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1

Ubuntu 22.10:
  imagemagick                     8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  imagemagick-6-common            8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  imagemagick-common              8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libimage-magick-perl            8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagick++-6.q16hdri-dev       8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagick++-dev                 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickcore-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickcore-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  libmagickwand-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  perlmagick                      8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
  imagemagick                     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  imagemagick-6-common            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  imagemagick-common              8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libimage-magick-perl            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagick++-6.q16hdri-dev       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagick++-dev                 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickcore-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickcore-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  libmagickwand-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
  perlmagick                      8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2

Ubuntu 20.04 LTS:
  imagemagick                     8:6.9.10.23+dfsg-2.1ubuntu11.9
  imagemagick-6-common            8:6.9.10.23+dfsg-2.1ubuntu11.9
  imagemagick-6.q16               8:6.9.10.23+dfsg-2.1ubuntu11.9
  imagemagick-6.q16hdri           8:6.9.10.23+dfsg-2.1ubuntu11.9
  imagemagick-common              8:6.9.10.23+dfsg-2.1ubuntu11.9
  libimage-magick-perl            8:6.9.10.23+dfsg-2.1ubuntu11.9
  libimage-magick-q16-perl        8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagick++-6.q16-8             8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagick++-6.q16-dev           8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagick++-6.q16hdri-8         8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagick++-6.q16hdri-dev       8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagick++-dev                 8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickcore-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickcore-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickcore-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickcore-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickcore-dev               8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickwand-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickwand-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.9
  libmagickwand-dev               8:6.9.10.23+dfsg-2.1ubuntu11.9
  perlmagick                      8:6.9.10.23+dfsg-2.1ubuntu11.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  imagemagick                     8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  imagemagick-6-common            8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  imagemagick-6.q16               8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  imagemagick-6.q16hdri           8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  imagemagick-common              8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libimage-magick-perl            8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libimage-magick-q16-perl        8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagick++-6.q16-7             8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagick++-6.q16-dev           8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagick++-6.q16hdri-7         8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagick++-6.q16hdri-dev       8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagick++-dev                 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickcore-6-headers         8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickcore-6.q16-3           8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickcore-6.q16-dev         8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickcore-6.q16hdri-3       8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickcore-dev               8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickwand-6.q16-3           8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickwand-6.q16-dev         8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  libmagickwand-dev               8:6.9.7.4+dfsg-16ubuntu6.15+esm1
  perlmagick                      8:6.9.7.4+dfsg-16ubuntu6.15+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  imagemagick                     8:6.8.9.9-7ubuntu5.16+esm8
  imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm8
  imagemagick-common              8:6.8.9.9-7ubuntu5.16+esm8
  libimage-magick-perl            8:6.8.9.9-7ubuntu5.16+esm8
  libimage-magick-q16-perl        8:6.8.9.9-7ubuntu5.16+esm8
  libmagick++-6.q16-5v5           8:6.8.9.9-7ubuntu5.16+esm8
  libmagick++-6.q16-dev           8:6.8.9.9-7ubuntu5.16+esm8
  libmagick++-dev                 8:6.8.9.9-7ubuntu5.16+esm8
  libmagickcore-6-headers         8:6.8.9.9-7ubuntu5.16+esm8
  libmagickcore-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm8
  libmagickcore-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm8
  libmagickcore-dev               8:6.8.9.9-7ubuntu5.16+esm8
  libmagickwand-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm8
  libmagickwand-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm8
  libmagickwand-dev               8:6.8.9.9-7ubuntu5.16+esm8
  perlmagick                      8:6.8.9.9-7ubuntu5.16+esm8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6200-1
  CVE-2020-29599, CVE-2021-20224, CVE-2021-20241, CVE-2021-20243,
  CVE-2021-20244, CVE-2021-20246, CVE-2021-20309, CVE-2021-20312,
  CVE-2021-20313, CVE-2021-3610, CVE-2021-39212, CVE-2022-28463,
  CVE-2022-32545, CVE-2022-32546, CVE-2022-32547, CVE-2023-1289,
  CVE-2023-1906, CVE-2023-3195, CVE-2023-34151, CVE-2023-3428

Package Information:
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.9

Top Authors In Last 30 Days

Red Hat 341 files
Ubuntu 54 files
Gentoo 33 files
Debian 23 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Google Security Research 4 files
Adam Gowdiak 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,047)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,819)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,935)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,527)
UNIX (9,407)
UnixWare (187)
Windows (6,660)
Other

Ubuntu Security Notice USN-6200-1

Ubuntu Security Notice USN-6200-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6200-1

Share This

Ubuntu Security Notice USN-6200-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems