[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
As a workaround, you can type this command : sudo sed -i 's###' /etc/ImageMagick-6/policy.xml -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
Hello, I am running Ubuntu 18.04.2 LTS (bionic) with ghostcript version 9.26. Per the document https://www.kb.cert.org/vuls/id/332928/, the vulnerability in question seems to have been fixed in version 9.24 itself. Isn't it time to have the policy.xml changes adjusted and any other changes done as required so the 'convert (to PDF)' starts working as always? I'm interested in doing the work and any related tests if availability is the only concern here. Would someone kindly guide me in that case? Thanks, Shashank -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
For what it's worth, we ran into this issue today as well. It looks like the related Ghostscript vulnerability is detailed here: https://www.kb.cert.org/vuls/id/332928 While the release notes are not exactly *clear*, Ghostscript v9.25 seems to make reference to fixing some vulnerabilities of this sort: https://www.ghostscript.com/doc/9.25/News.htm Just adding in this information in case it's helpful to others encountering this. I admit, I have no verification that Ghostscript v9.25 fixes the vulnerability. So, only comment out these new ImageMagick configurations at your own risk. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
img2pdf seem to do the job for the reverse operation nicely... S. Amir <1796...@bugs.launchpad.net> wrote: > Here is an alternative to `convert document.pdf image.jpg`: > > pdftoppm -jpeg document.pdf image > > Note: pdftoppm is coming from poppler-utils > Note: the generated output path is not 1:1 with convert, so > adjust any scripts using it > > Can someone suggest an alternative to the reverse operation, > `convert image.jpg document.pdf`? Thanks! > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
Here is an alternative to `convert document.pdf image.jpg`: pdftoppm -jpeg document.pdf image Note: pdftoppm is coming from poppler-utils Note: the generated output path is not 1:1 with convert, so adjust any scripts using it Can someone suggest an alternative to the reverse operation, `convert image.jpg document.pdf`? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
Sadi, if you're willing to take the risk, you can comment the appropriate line in /etc/ImageMagick-6/policy.xml .. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
I guess this shows that I suffer from the same issue when trying to convert image file(s) to pdf: 8:6.9.7.4+dfsg-16ubuntu6.4 convert-im6.q16: not authorized `filename.pdf' @ error/constitute.c/WriteImage/1037. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
** Tags added: regression-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: imagemagick (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
Yeah, but it's not immediately obvious if you're not familiar with imagemagick internals (I certainly didn't know what policy.xml was), and it's part of 70 lines of changes. Given this is flat out disabling a big chunk of functionality in something frequently used as part of other programs / scripts, in an LTS release, a mention in NEWS or README or something might be an idea. Or at least a more verbose changelog entry. Is this the recommended long-term solution to whatever the underlying vulnerability is, or is it a stop-gap until something else - I assume ghostscript - is properly patched? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation
The package changelog mentions this: * SECURITY UPDATE: code execution vulnerabilities in ghostscript as invoked by imagemagick - debian/patches/200-disable-ghostscript-formats.patch: disable ghostscript handled types by default in policy.xml https://bugs.launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs