Ubuntu

Need support on vulnerabilities report on Ubuntu 22.04 LTS for OpenEXR and ImageMagick. How can we remediate these vuln. What are the alternate options.

Asked by pankaj kumar

Hello Team,

We are using Ubuntu 22.04.4 LTS (Jammy Jellyfish) and we have received two medium vulnerabilities with below details:-
Vulnerability Title:-Ubuntu Security Notification for OpenEXR Vulnerabilities (USN-5620-1)

Solution provided by Ubuntu:- Refer to Ubuntu security advisory https://ubuntu.com/security/notices/USN-5620-1 - USN-5620-1, for updates and patch information. Patch: Following are links for downloading patches to fix the vulnerabilities: https://ubuntu.com/security/notices/USN-5620-1 - USN-5620-1:Ubuntu Linux,

Vulnerability Title:Ubuntu Security Notification for ImageMagick Vulnerabilities (USN-6200-1)
As per solution, we have been aksed to go with ubuntu Pro which we do not want.

Solution provided by Ubuntu:-Refer to Ubuntu security advisory https://ubuntu.com/security/notices/USN-6200-1 - USN-6200-1, for updates and patch information. Patch: Following are links for downloading patches to fix the vulnerabilities: https://ubuntu.com/security/notices/USN-6200-1 - USN-6200-1:Ubuntu Linux,

We are not in position to upgrade our OS to Ubuntu Pro however we must need to mitigate these vulnerabilities listed above and may be need to mitigate upcoming vulnerabilities. Please help to provide exact solution without upgrading to ubuntu Pro.
We need alternate solution of it.

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
pankaj kumar (pkbk1982) said : 		#1

this is quite urgent and do keep updated on this.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#2

It's unlikely that anybody will call you and I strongly advise against putting your phone number out in public forums

Revision history for this message
pankaj kumar (pkbk1982) said : 		#3

Thank you for responding, I have removed my phone number.
Do we have any ETA, By when I can get response on my question ?

Revision history for this message
Manfred Hampl (m-hampl) said : 		#4

There are only two possibilities provided by Ubuntu:

Either upgrade to a higher Ubuntu release (e.g. 24.04) that provides a patched package in its "default" repositories
or subscribe your systems to Ubuntu Pro.

Revision history for this message
pankaj kumar (pkbk1982) said : 		#5

Thank you for update and sharing the details.

Revision history for this message
pankaj kumar (pkbk1982) said : 		#6

Thank you, team, for sharing the details to mitigate the issue.

We shall discuss within team and update you accordingly.

Thanks and Regards
Pankaj Kumar
+91 9873784672
“The quieter you become, the more you are able to hear”

-----Original Message-----
From: <email address hidden> <email address hidden> On Behalf Of Manfred Hampl
Sent: Wednesday, May 8, 2024 1:26 PM
To: Pankaj Kumar <email address hidden>
Subject: [External] Re: [Question #812668]: Need support on vulnerabilities report on Ubuntu 22.04 LTS for OpenEXR and ImageMagick. How can we remediate these vuln. What are the alternate options.

Your question #812668 on Ubuntu changed:
https://answers.launchpad.net/ubuntu/+question/812668

    Status: Open => Answered

Manfred Hampl proposed the following answer:
There are only two possibilities provided by Ubuntu:

Either upgrade to a higher Ubuntu release (e.g. 24.04) that provides a patched package in its "default" repositories or subscribe your systems to Ubuntu Pro.

--
If this answers your question, please go to the following page to let us know that it is solved:
https://answers.launchpad.net/ubuntu/+question/812668/+confirm?answer_id=3

If you still need help, you can reply to this email or go to the following page to enter your feedback:
https://answers.launchpad.net/ubuntu/+question/812668

You received this question notification because you asked the question.

Can you help with this problem?

Provide an answer of your own, or ask pankaj kumar for more information if necessary.

To post a message you must log in.