USN-4034-1
- Source
- https://ubuntu.com/security/notices/USN-4034-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4034-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4034-1
- Related
- Published
- 2019-06-25T11:26:41.252943Z
- Modified
- 2019-06-25T11:26:41.252943Z
- Summary
- imagemagick vulnerabilities
- Details
-
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration.
- References
-
- https://ubuntu.com/security/notices/USN-4034-1
- https://ubuntu.com/security/CVE-2017-12805
- https://ubuntu.com/security/CVE-2017-12806
- https://ubuntu.com/security/CVE-2018-14434
- https://ubuntu.com/security/CVE-2018-15607
- https://ubuntu.com/security/CVE-2018-16323
- https://ubuntu.com/security/CVE-2018-16412
- https://ubuntu.com/security/CVE-2018-16413
- https://ubuntu.com/security/CVE-2018-16644
- https://ubuntu.com/security/CVE-2018-16645
- https://ubuntu.com/security/CVE-2018-17965
- https://ubuntu.com/security/CVE-2018-17966
- https://ubuntu.com/security/CVE-2018-18016
- https://ubuntu.com/security/CVE-2018-18023
- https://ubuntu.com/security/CVE-2018-18024
- https://ubuntu.com/security/CVE-2018-18025
- https://ubuntu.com/security/CVE-2018-18544
- https://ubuntu.com/security/CVE-2018-20467
- https://ubuntu.com/security/CVE-2019-7175
- https://ubuntu.com/security/CVE-2019-7395
- https://ubuntu.com/security/CVE-2019-7396
- https://ubuntu.com/security/CVE-2019-7397
- https://ubuntu.com/security/CVE-2019-7398
- https://ubuntu.com/security/CVE-2019-9956
- https://ubuntu.com/security/CVE-2019-10131
- https://ubuntu.com/security/CVE-2019-10649
- https://ubuntu.com/security/CVE-2019-10650
- https://ubuntu.com/security/CVE-2019-11470
- https://ubuntu.com/security/CVE-2019-11472
- https://ubuntu.com/security/CVE-2019-11597
- https://ubuntu.com/security/CVE-2019-11598
Affected packages
Ubuntu:16.04:LTS / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/ubuntu/imagemagick?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8:6.8.9.9-7ubuntu5.14
Affected versions
8:6.*
8:6.8.9.9-5ubuntu2
8:6.8.9.9-6
8:6.8.9.9-6build1
8:6.8.9.9-7
8:6.8.9.9-7ubuntu1
8:6.8.9.9-7ubuntu2
8:6.8.9.9-7ubuntu3
8:6.8.9.9-7ubuntu4
8:6.8.9.9-7ubuntu5
8:6.8.9.9-7ubuntu5.1
8:6.8.9.9-7ubuntu5.2
8:6.8.9.9-7ubuntu5.3
8:6.8.9.9-7ubuntu5.4
8:6.8.9.9-7ubuntu5.5
8:6.8.9.9-7ubuntu5.6
8:6.8.9.9-7ubuntu5.7
8:6.8.9.9-7ubuntu5.8
8:6.8.9.9-7ubuntu5.9
8:6.8.9.9-7ubuntu5.11
8:6.8.9.9-7ubuntu5.12
8:6.8.9.9-7ubuntu5.13
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick-6.q16"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick-6.q16-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick-common"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick-dbg"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "imagemagick-doc"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libimage-magick-perl"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libimage-magick-q16-perl"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libimage-magick-q16-perl-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagick++-6-headers"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagick++-6.q16-5v5"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagick++-6.q16-5v5-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagick++-6.q16-dev"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagick++-6.q16-dev-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagick++-dev"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6-arch-config"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6-arch-config-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6-headers"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6.q16-2"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6.q16-2-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6.q16-2-extra"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6.q16-2-extra-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6.q16-dev"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-6.q16-dev-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickcore-dev"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickwand-6-headers"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickwand-6.q16-2"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickwand-6.q16-2-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickwand-6.q16-dev"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickwand-6.q16-dev-dbgsym"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "libmagickwand-dev"
},
{
"binary_version": "8:6.8.9.9-7ubuntu5.14",
"binary_name": "perlmagick"
}
]
}
Ubuntu:18.04:LTS / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/ubuntu/imagemagick?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8:6.9.7.4+dfsg-16ubuntu6.7
Affected versions
8:6.*
8:6.9.7.4+dfsg-16ubuntu2
8:6.9.7.4+dfsg-16ubuntu3
8:6.9.7.4+dfsg-16ubuntu4
8:6.9.7.4+dfsg-16ubuntu5
8:6.9.7.4+dfsg-16ubuntu6
8:6.9.7.4+dfsg-16ubuntu6.2
8:6.9.7.4+dfsg-16ubuntu6.3
8:6.9.7.4+dfsg-16ubuntu6.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-6-common"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-6-doc"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-6.q16"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-6.q16-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-6.q16hdri"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-6.q16hdri-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-common"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "imagemagick-doc"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libimage-magick-perl"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libimage-magick-q16-perl"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libimage-magick-q16-perl-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libimage-magick-q16hdri-perl"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libimage-magick-q16hdri-perl-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6-headers"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6.q16-7"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6.q16-7-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6.q16-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6.q16hdri-7"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6.q16hdri-7-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-6.q16hdri-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagick++-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6-arch-config"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6-headers"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16-3"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16-3-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16-3-extra"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16-3-extra-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16hdri-3"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16hdri-3-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16hdri-3-extra"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16hdri-3-extra-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-6.q16hdri-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickcore-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6-headers"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6.q16-3"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6.q16-3-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6.q16-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6.q16hdri-3"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6.q16hdri-3-dbgsym"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-6.q16hdri-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "libmagickwand-dev"
},
{
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.7",
"binary_name": "perlmagick"
}
]
}