Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882
==========================================================================
Ubuntu Security Notice USN-6200-1
July 04, 2023
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)
It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20244, CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-20313)
It was discovered that ImageMagick did not use the correct rights when
specifically excluded by a module policy. An attacker could use this issue
to read and write certain restricted files. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-39212)
It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)
It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,
CVE-2023-3428)
It was discovered that ImageMagick incorrectly handled certain values
when processing specially crafted SVG files. By tricking a user into
opening a specially crafted SVG file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)
It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
tiff file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)
It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. (CVE-2023-34151)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
imagemagick 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
imagemagick-6-common 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
imagemagick-6.q16 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
imagemagick-common 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libimage-magick-perl 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagick++-6.q16-dev 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagick++-6.q16hdri-dev 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagick++-dev 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickcore-6-headers 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickcore-dev 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickwand-6.q16-dev 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
libmagickwand-dev 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
perlmagick 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
Ubuntu 22.10:
imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
imagemagick-6-common 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
imagemagick-common 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libimage-magick-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagick++-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagick++-6.q16hdri-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagick++-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickcore-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickcore-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickcore-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickwand-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
libmagickwand-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
perlmagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
imagemagick-6-common 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
imagemagick-common 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libimage-magick-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagick++-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagick++-6.q16hdri-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagick++-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickcore-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickcore-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickcore-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickwand-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
libmagickwand-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
perlmagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2
Ubuntu 20.04 LTS:
imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.9
imagemagick-6-common 8:6.9.10.23+dfsg-2.1ubuntu11.9
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.9
imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.9
imagemagick-common 8:6.9.10.23+dfsg-2.1ubuntu11.9
libimage-magick-perl 8:6.9.10.23+dfsg-2.1ubuntu11.9
libimage-magick-q16-perl 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagick++-6.q16-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagick++-6.q16hdri-8 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagick++-6.q16hdri-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagick++-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickcore-6-headers 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickcore-6.q16-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickcore-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickwand-6.q16-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
libmagickwand-dev 8:6.9.10.23+dfsg-2.1ubuntu11.9
perlmagick 8:6.9.10.23+dfsg-2.1ubuntu11.9
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
imagemagick-6-common 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
imagemagick-common 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libimage-magick-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libimage-magick-q16-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagick++-6.q16-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagick++-6.q16hdri-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagick++-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickcore-6-headers 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickcore-6.q16-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickcore-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickwand-6.q16-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
libmagickwand-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
perlmagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.8.9.9-7ubuntu5.16+esm8
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm8
imagemagick-common 8:6.8.9.9-7ubuntu5.16+esm8
libimage-magick-perl 8:6.8.9.9-7ubuntu5.16+esm8
libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm8
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm8
libmagick++-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm8
libmagick++-dev 8:6.8.9.9-7ubuntu5.16+esm8
libmagickcore-6-headers 8:6.8.9.9-7ubuntu5.16+esm8
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm8
libmagickcore-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm8
libmagickcore-dev 8:6.8.9.9-7ubuntu5.16+esm8
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm8
libmagickwand-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm8
libmagickwand-dev 8:6.8.9.9-7ubuntu5.16+esm8
perlmagick 8:6.8.9.9-7ubuntu5.16+esm8
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6200-1
CVE-2020-29599, CVE-2021-20224, CVE-2021-20241, CVE-2021-20243,
CVE-2021-20244, CVE-2021-20246, CVE-2021-20309, CVE-2021-20312,
CVE-2021-20313, CVE-2021-3610, CVE-2021-39212, CVE-2022-28463,
CVE-2022-32545, CVE-2022-32546, CVE-2022-32547, CVE-2023-1289,
CVE-2023-1906, CVE-2023-3195, CVE-2023-34151, CVE-2023-3428
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.9