USN-7440-1: ImageMagick regression

Releases

• Ubuntu 20.04 LTS

Packages

• imagemagick - Image manipulation programs and library

Details

USN-6200-2 fixed a vulnerability in ImageMagick. It was discovered that the
fix for CVE-2023-34151 was incomplete. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into opening a specially
crafted image file, an attacker could possibly exploit this issue to
cause a denial of service or other unspecified impact. (CVE-2023-34151)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

• imagemagick - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• imagemagick-6-common - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• imagemagick-6.q16 - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• imagemagick-6.q16hdri - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• imagemagick-common - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• libmagick++-6.q16-8 - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• libmagick++-6.q16hdri-8 - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• libmagickcore-6.q16-6 - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• libmagickcore-6.q16hdri-6 - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• libmagickwand-6.q16-6 - 8:6.9.10.23+dfsg-2.1ubuntu11.11
• libmagickwand-6.q16hdri-6 - 8:6.9.10.23+dfsg-2.1ubuntu11.11

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-34151
• https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/2106393

Related notices

• USN-6200-1
• USN-6200-2