USN-4034-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4034-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4034-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4034-1
Related
Published
2019-06-25T11:26:41.252943Z
Modified
2019-06-25T11:26:41.252943Z
Summary
imagemagick vulnerabilities
Details

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration.

References

Affected packages

Ubuntu:16.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick@8:6.8.9.9-7ubuntu5.14?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.8.9.9-7ubuntu5.14

Affected versions

8:6.*

8:6.8.9.9-5ubuntu2
8:6.8.9.9-6
8:6.8.9.9-6build1
8:6.8.9.9-7
8:6.8.9.9-7ubuntu1
8:6.8.9.9-7ubuntu2
8:6.8.9.9-7ubuntu3
8:6.8.9.9-7ubuntu4
8:6.8.9.9-7ubuntu5
8:6.8.9.9-7ubuntu5.1
8:6.8.9.9-7ubuntu5.2
8:6.8.9.9-7ubuntu5.3
8:6.8.9.9-7ubuntu5.4
8:6.8.9.9-7ubuntu5.5
8:6.8.9.9-7ubuntu5.6
8:6.8.9.9-7ubuntu5.7
8:6.8.9.9-7ubuntu5.8
8:6.8.9.9-7ubuntu5.9
8:6.8.9.9-7ubuntu5.11
8:6.8.9.9-7ubuntu5.12
8:6.8.9.9-7ubuntu5.13

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libmagickcore-6.q16-2": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-dev": "8:6.8.9.9-7ubuntu5.14",
            "libmagickwand-6.q16-dev-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libimage-magick-q16-perl": "8:6.8.9.9-7ubuntu5.14",
            "libmagick++-dev": "8:6.8.9.9-7ubuntu5.14",
            "libimage-magick-perl": "8:6.8.9.9-7ubuntu5.14",
            "libmagickwand-6.q16-dev": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6-arch-config-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagickwand-dev": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6.q16-2-extra": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6.q16-dev": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick-6.q16-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "perlmagick": "8:6.8.9.9-7ubuntu5.14",
            "libimage-magick-q16-perl-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagickwand-6-headers": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6-headers": "8:6.8.9.9-7ubuntu5.14",
            "libmagick++-6-headers": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6.q16-2-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagickwand-6.q16-2-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagick++-6.q16-5v5": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick-doc": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6.q16-dev-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagickwand-6.q16-2": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6-arch-config": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick-6.q16": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick-dbg": "8:6.8.9.9-7ubuntu5.14",
            "libmagick++-6.q16-5v5-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagick++-6.q16-dev": "8:6.8.9.9-7ubuntu5.14",
            "libmagickcore-6.q16-2-extra-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "libmagick++-6.q16-dev-dbgsym": "8:6.8.9.9-7ubuntu5.14",
            "imagemagick-common": "8:6.8.9.9-7ubuntu5.14"
        }
    ]
}

Ubuntu:18.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick@8:6.9.7.4+dfsg-16ubuntu6.7?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.7.4+dfsg-16ubuntu6.7

Affected versions

8:6.*

8:6.9.7.4+dfsg-16ubuntu2
8:6.9.7.4+dfsg-16ubuntu3
8:6.9.7.4+dfsg-16ubuntu4
8:6.9.7.4+dfsg-16ubuntu5
8:6.9.7.4+dfsg-16ubuntu6
8:6.9.7.4+dfsg-16ubuntu6.2
8:6.9.7.4+dfsg-16ubuntu6.3
8:6.9.7.4+dfsg-16ubuntu6.4

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "imagemagick-common": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16hdri-3": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libimage-magick-q16-perl": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6.q16hdri-7-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libimage-magick-q16hdri-perl": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6.q16-7-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-6-common": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-6.q16hdri-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libimage-magick-perl": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6.q16-3-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6.q16hdri-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-6.q16-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-6-doc": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6.q16-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16-3": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16-3-extra-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6.q16-3": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16hdri-3-extra-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "perlmagick": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libimage-magick-q16-perl-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16hdri-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6-headers": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6.q16hdri-7": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6-headers": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16hdri-3-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6.q16-7": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6.q16hdri-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6-headers": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16hdri-3-extra": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-doc": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6.q16hdri-3": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6-arch-config": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-6.q16": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16-3-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-6.q16-3-extra": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagick++-6.q16-dev": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickwand-6.q16hdri-3-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "imagemagick-6.q16hdri": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libimage-magick-q16hdri-perl-dbgsym": "8:6.9.7.4+dfsg-16ubuntu6.7",
            "libmagickcore-dev": "8:6.9.7.4+dfsg-16ubuntu6.7"
        }
    ]
}