
ImageMagick vulnerabilities

Description

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718)

Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118)
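An added example, not part of the advisory or of the Ubuntu update: a Python audit that reports which coders a policy.xml still leaves enabled, useful after the update or after re-enabling a coder by hand. The coder names are an assumption taken from the public ImageTragick mitigation guidance, since the advisory does not list them; the function name and the sample policy are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Assumption: coder names from the public ImageTragick mitigation guidance.
# The advisory does not say which coders the update disables.
ASSUMED_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")


def enabled_coders(policy_xml, coders=ASSUMED_CODERS):
    """Return the coders that the given policy.xml text does not clearly deny."""
    root = ET.fromstring(policy_xml)  # XML comments are dropped by the parser
    entries = [
        (p.get("pattern", ""), p.get("rights", "").strip().lower())
        for p in root.iter("policy")
        if p.get("domain", "").strip().lower() == "coder"
    ]
    exposed = []
    for coder in coders:
        # Policy patterns are globs; collect the rights of every matching entry.
        rights = [r for pattern, r in entries if fnmatch.fnmatchcase(coder, pattern)]
        # Evaluation order is not modelled here: a coder counts as disabled only
        # when at least one entry matches and every matching entry is "none".
        if not rights or any(r != "none" for r in rights):
            exposed.append(coder)
    return exposed


# Constructed sample: MSL is only present inside a comment, and MVG is denied
# by one entry but granted read|write by another.
SAMPLE_POLICY = """<policymap>
  <!-- <policy domain="coder" rights="none" pattern="MSL" /> -->
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="read|write" pattern="MVG" />
</policymap>"""

if __name__ == "__main__":
    print(enabled_coders(SAMPLE_POLICY))
```

On a real host, pass the contents of /etc/ImageMagick-6/policy.xml to `enabled_coders`; any name it returns should be reviewed before ImageMagick handles untrusted input.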


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Ubuntu | 16.04 | imagemagick | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | imagemagick-6.q16 | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | imagemagick-6.q16-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | imagemagick-common | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | imagemagick-dbg | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | imagemagick-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | imagemagick-doc | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libimage-magick-perl | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libimage-magick-q16-perl | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libimage-magick-q16-perl-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagick++-6-headers | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagick++-6.q16-5v5 | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagick++-6.q16-5v5-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagick++-6.q16-dev | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagick++-6.q16-dev-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagick++-dev | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6-arch-config | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6-arch-config-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6-headers | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6.q16-2 | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6.q16-2-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6.q16-2-extra | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6.q16-2-extra-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6.q16-dev | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-6.q16-dev-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickcore-dev | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickwand-6-headers | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickwand-6.q16-2 | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickwand-6.q16-2-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickwand-6.q16-dev | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickwand-6.q16-dev-dbgsym | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | libmagickwand-dev | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 16.04 | perlmagick | 8:6.8.9.9-7ubuntu5.1 |
| Ubuntu | 15.10 | imagemagick | 8:6.8.9.9-5ubuntu2.1 |
| Ubuntu | 15.10 | imagemagick-6.q16 | 8:6.8.9.9-5ubuntu2.1 |
| Ubuntu | 15.10 | imagemagick-common | 8:6.8.9.9-5ubuntu2.1 |
| Ubuntu | 15.10 | libmagick++-6.q16-5v5 | 8:6.8.9.9-5ubuntu2.1 |
| Ubuntu | 15.10 | libmagickcore-6.q16-2 | 8:6.8.9.9-5ubuntu2.1 |
| Ubuntu | 14.04 | imagemagick | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | imagemagick-common | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | imagemagick-dbg | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | imagemagick-doc | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagick++-dev | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagick++5 | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagickcore-dev | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagickcore5 | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagickcore5-extra | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagickwand-dev | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | libmagickwand5 | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 14.04 | perlmagick | 8:6.7.7.10-6ubuntu3.1 |
| Ubuntu | 12.04 | imagemagick | 8:6.6.9.7-5ubuntu3.4 |
| Ubuntu | 12.04 | imagemagick-common | 8:6.6.9.7-5ubuntu3.4 |
| Ubuntu | 12.04 | libmagick++4 | 8:6.6.9.7-5ubuntu3.4 |
| Ubuntu | 12.04 | libmagickcore4 | 8:6.6.9.7-5ubuntu3.4 |
