USN-4670-1: ImageMagick vulnerabilities
15 December 2020
Several security issues were fixed in ImageMagick.
Releases
Packages
- imagemagick - Image manipulation programs and library
Details
It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service or other unspecified impact. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10.
(CVE-2019-19948, CVE-2019-19949)
It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service. (CVE-2020-27560)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10
-
imagemagick
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
imagemagick-6.q16
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
imagemagick-6.q16hdri
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagick++-6.q16-8
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagick++-6.q16hdri-8
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagickcore-6.q16-6
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagickcore-6.q16-6-extra
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagickcore-6.q16hdri-6
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagickcore-6.q16hdri-6-extra
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagickwand-6.q16-6
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
-
libmagickwand-6.q16hdri-6
-
8:6.9.10.23+dfsg-2.1ubuntu13.1
Ubuntu 20.04
-
imagemagick
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
imagemagick-6.q16
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
imagemagick-6.q16hdri
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagick++-6.q16-8
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagick++-6.q16hdri-8
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagickcore-6.q16-6
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagickcore-6.q16-6-extra
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagickcore-6.q16hdri-6
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagickcore-6.q16hdri-6-extra
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagickwand-6.q16-6
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
-
libmagickwand-6.q16hdri-6
-
8:6.9.10.23+dfsg-2.1ubuntu11.2
Ubuntu 18.04
-
imagemagick
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
imagemagick-6.q16
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
imagemagick-6.q16hdri
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagick++-6.q16-7
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagick++-6.q16hdri-7
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagickcore-6.q16-3
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagickcore-6.q16-3-extra
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagickcore-6.q16hdri-3
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagickcore-6.q16hdri-3-extra
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagickwand-6.q16-3
-
8:6.9.7.4+dfsg-16ubuntu6.9
-
libmagickwand-6.q16hdri-3
-
8:6.9.7.4+dfsg-16ubuntu6.9
Ubuntu 16.04
-
imagemagick
-
8:6.8.9.9-7ubuntu5.16
-
imagemagick-6.q16
-
8:6.8.9.9-7ubuntu5.16
-
libmagick++-6.q16-5v5
-
8:6.8.9.9-7ubuntu5.16
-
libmagickcore-6.q16-2
-
8:6.8.9.9-7ubuntu5.16
-
libmagickcore-6.q16-2-extra
-
8:6.8.9.9-7ubuntu5.16
-
libmagickwand-6.q16-2
-
8:6.8.9.9-7ubuntu5.16
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4549-1: libmagickwand-6.q16hdri-6, libmagickwand-dev, imagemagick-doc, libmagickcore-6.q16-dev, libmagick++-6.q16hdri-dev, libmagickcore-6.q16hdri-6, imagemagick-6-doc, libmagickwand-6.q16-dev, libmagickcore-6.q16-6, libimage-magick-perl, libmagickcore-6.q16hdri-6-extra, libimage-magick-q16hdri-perl, libmagick++-6.q16-8, libimage-magick-q16-perl, libmagickcore-6-headers, libmagickcore-6.q16-6-extra, imagemagick-6-common, imagemagick-common, imagemagick, libmagick++-6.q16hdri-8, libmagickcore-dev, libmagick++-dev, libmagick++-6-headers, libmagickwand-6-headers, libmagickwand-6.q16hdri-dev, libmagick++-6.q16-dev, libmagickcore-6.q16hdri-dev, imagemagick-6.q16hdri, libmagickwand-6.q16-6, libmagickcore-6-arch-config, imagemagick-6.q16, perlmagick