Debian Security Advisory

DLA-574-1 qemu-kvm -- LTS security update

Date Reported: 30 Jul 2016
Affected Packages: qemu-kvm
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-5239, CVE-2016-2857, CVE-2016-4020, CVE-2016-4439, CVE-2016-5403, CVE-2016-6351.
More information:

It was discovered that there were two denial of service vulnerabilities in graphicsmagick, a collection of image processing tools:

  • CVE-2016-5240

    Prevent denial of service by detecting and rejecting negative stroke-dasharray arguments, which were resulting in an endless loop.

  • CVE-2016-5241

    Fix a divide-by-zero problem that occurs if the fill or stroke pattern image has zero columns or rows, to prevent a DoS attack.
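
The two input checks described above, sketched in C as an added example. This is not GraphicsMagick's code or the actual patch. The function names, the simplified dash walk, the rejection of an all-zero pattern and the MAX_SEGMENTS cap are assumptions made for illustration.

```c
#include <float.h>
#include <stddef.h>

#define MAX_SEGMENTS 1000000L  /* assumed cap so the walk always terminates */

/* Hypothetical check: every dash length must be a finite, non-negative
   number and the pattern must advance. Returns 0 if usable, -1 if not. */
int dash_pattern_ok(const double *dash, size_t n)
{
    double total = 0.0;
    if (dash == NULL || n == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        /* written so that NaN, infinity and negatives all fail */
        if (!(dash[i] >= 0.0 && dash[i] <= DBL_MAX))
            return -1;
        total += dash[i];
    }
    return total > 0.0 ? 0 : -1;  /* all-zero never advances: also rejected */
}

/* Walk a stroke of the given length and count the dash segments.
   Returns the count, or -1 if the input is rejected. */
long count_dashes(double length, const double *dash, size_t n)
{
    double pos = 0.0;
    long count = 0;
    if (!(length >= 0.0 && length <= DBL_MAX) || dash_pattern_ok(dash, n) != 0)
        return -1;
    for (size_t i = 0; pos < length; i = (i + 1) % n) {
        if (count++ >= MAX_SEGMENTS)
            return -1;
        pos += dash[i];  /* a negative length here would move backwards */
    }
    return count;
}

/* Map (x, y) onto a tiled pattern image. Both modulo operations divide by
   the pattern size, so zero columns or rows must be rejected first. */
int tile_offset(unsigned long x, unsigned long y, unsigned long columns,
                unsigned long rows, unsigned long *offset)
{
    if (columns == 0 || rows == 0 || offset == NULL)
        return -1;
    *offset = (y % rows) * columns + (x % columns);
    return 0;
}
```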

For Debian 7 Wheezy, these issues have been fixed in graphicsmagick version 1.3.16-1.1+deb7u3.

We recommend that you upgrade your graphicsmagick packages.