USN-4670-1: ImageMagick vulnerabilities

Packages

imagemagick - Image manipulation programs and library

Details

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service or other unspecified impact. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10.
(CVE-2019-19948, CVE-2019-19949)

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service. (CVE-2020-27560)

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service or other unspecified impact. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10.
(CVE-2019-19948, CVE-2019-19949)

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service. (CVE-2020-27560)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
20.10 groovy	imagemagick – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	imagemagick-6.q16 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	imagemagick-6.q16hdri – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagick++-6.q16-8 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagick++-6.q16hdri-8 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagickcore-6.q16-6 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagickcore-6.q16-6-extra – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagickcore-6.q16hdri-6 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagickcore-6.q16hdri-6-extra – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagickwand-6.q16-6 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
	libmagickwand-6.q16hdri-6 – 8:6.9.10.23+dfsg-2.1ubuntu13.1
20.04 focal	imagemagick – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	imagemagick-6.q16 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	imagemagick-6.q16hdri – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagick++-6.q16-8 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagick++-6.q16hdri-8 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagickcore-6.q16-6 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagickcore-6.q16-6-extra – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagickcore-6.q16hdri-6 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagickcore-6.q16hdri-6-extra – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagickwand-6.q16-6 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
	libmagickwand-6.q16hdri-6 – 8:6.9.10.23+dfsg-2.1ubuntu11.2
18.04 bionic	imagemagick – 8:6.9.7.4+dfsg-16ubuntu6.9
	imagemagick-6.q16 – 8:6.9.7.4+dfsg-16ubuntu6.9
	imagemagick-6.q16hdri – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagick++-6.q16-7 – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagick++-6.q16hdri-7 – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagickcore-6.q16-3 – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagickcore-6.q16-3-extra – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagickcore-6.q16hdri-3 – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagickcore-6.q16hdri-3-extra – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagickwand-6.q16-3 – 8:6.9.7.4+dfsg-16ubuntu6.9
	libmagickwand-6.q16hdri-3 – 8:6.9.7.4+dfsg-16ubuntu6.9
16.04 xenial	imagemagick – 8:6.8.9.9-7ubuntu5.16
	imagemagick-6.q16 – 8:6.8.9.9-7ubuntu5.16
	libmagick++-6.q16-5v5 – 8:6.8.9.9-7ubuntu5.16
	libmagickcore-6.q16-2 – 8:6.8.9.9-7ubuntu5.16
	libmagickcore-6.q16-2-extra – 8:6.8.9.9-7ubuntu5.16
	libmagickwand-6.q16-2 – 8:6.8.9.9-7ubuntu5.16

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices