You probably don't know it, but also that your Linux distribution has it installed by default Imagemagick. It is a software with which we can edit images and that, although it is far from other editors such as GIMP, allows us to modify them in batches as we explained a long time ago in our article. How to edit, convert and resize multiple images at the same time in Ubuntu. Today, some of its packages have been updated to fix various security flaws.
To be more specific, as we read in the security report USN-4192-1 that Canonical has published a few moments ago, 30 vulnerabilities have been fixed. Of all of them, 21 have been labeled low or negligible priority, but there are 9 of medium priority. The systems affected by these vulnerabilities are all versions of Ubuntu that enjoy official support, which are Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 and Ubuntu 16.04.
ImageMagick also receives security enhancements
Canonical says that Ubuntu 14.04 and Ubuntu 12.04, both in ESM phase, are not affected. The one that is affected by many of the 30 vulnerabilities is Ubuntu 20.04 Focal Fossa, which is not surprising because at the moment it is still an Eoan Ermine on which they are developing the operating system that will be released in April 2020. The packages that exist to update are the following:
- imagemagick
- imagemagick-6.x
- libmagick ++ - 6.x
- libmagickcore-6.x
- libmagickcore-6.x
From the above, the "x" will change depending on the version of Ubuntu we are using. The general description of the faults includes:
ImageMagick was found to incorrectly handle certain malformed image files. If a user or automated system using ImageMagick was tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
The new packages are now available as an update in all official Ubuntu flavors. Initially, you will not need to restart your computer for the changes to take effect.