Lucene search

Cloud FoundryCFOUNDRY:7D5D9BF7AB204E8F0F60BE4DFFB9D241

HistorySep 05, 2024 - 12:00 a.m.

USN-6621-1: ImageMagick vulnerability | Cloud Foundry

2024-09-0500:00:00

Cloud Foundry

www.cloudfoundry.org

imagemagick

vulnerability

canonical ubuntu

cloud foundry

bmp files

denial of service

update instructions

cve-2023-5341

cflinuxfs4

cf deployment

mitigation

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 18.04
Canonical Ubuntu 22.04

Description

It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service. Update Instructions: Run sudo pro fix USN-6621-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick-common – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6.q16-dev – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-dev – 8:6.8.9.9-7ubuntu5.16+esm10 imagemagick – 8:6.8.9.9-7ubuntu5.16+esm10 imagemagick-doc – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-dev – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6.q16-2-extra – 8:6.8.9.9-7ubuntu5.16+esm10 libmagick+±6-headers – 8:6.8.9.9-7ubuntu5.16+esm10 libimage-magick-q16-perl – 8:6.8.9.9-7ubuntu5.16+esm10 libimage-magick-perl – 8:6.8.9.9-7ubuntu5.16+esm10 libmagick+±dev – 8:6.8.9.9-7ubuntu5.16+esm10 imagemagick-6.q16 – 8:6.8.9.9-7ubuntu5.16+esm10 libmagick+±6.q16-5v5 – 8:6.8.9.9-7ubuntu5.16+esm10 perlmagick – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-6.q16-2 – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6-arch-config – 8:6.8.9.9-7ubuntu5.16+esm10 libmagick+±6.q16-dev – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-6.q16-dev – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6-headers – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickwand-6-headers – 8:6.8.9.9-7ubuntu5.16+esm10 libmagickcore-6.q16-2 – 8:6.8.9.9-7ubuntu5.16+esm10 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro

CVEs contained in this USN include: CVE-2023-5341.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

cflinuxfs4
- All versions prior to 1.112.0
CF Deployment
- All versions prior to 42.2.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

cflinuxfs4
- Upgrade all versions to 1.112.0 or greater
CF Deployment
- Upgrade all versions to 42.2.0 or greater

References

History

2024-09-05: Initial vulnerability report published.

Affected configurations

Vulners

Node

cloudfoundrycflinuxfs4Range<1.112.0

cloudfoundrycf-deploymentRange<42.2.0

VendorProductVersionCPE
cloudfoundrycflinuxfs4*cpe:2.3:a:cloudfoundry:cflinuxfs4:*:*:*:*:*:*:*:*
cloudfoundrycf-deployment*cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudfoundry	cflinuxfs4	*	cpe:2.3:a:cloudfoundry:cflinuxfs4::::::::
cloudfoundry	cf-deployment	*	cpe:2.3:a:cloudfoundry:cf-deployment::::::::