Debian Security Advisory

DLA-574-1 qemu-kvm -- LTS security update

Date Reported:
30 Jul 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-5239, CVE-2016-2857, CVE-2016-4020, CVE-2016-4439, CVE-2016-5403, CVE-2016-6351.
More information:

It was discovered that there were two denial of service vulnerabilities in graphicsmagick, a collection of image processing tools:

  • CVE-2016-5240

    Prevent denial-of-service by detecting and rejecting negative stroke-dasharray arguments which were resulting in an endless loop.

  • CVE-2016-5241

    Fix divide-by-zero problem if fill or stroke pattern image has zero columns or rows to prevent DoS attack.

For Debian 7 Wheezy, this issue has been fixed in graphicsmagick version 1.3.16-1.1+deb7u3.

We recommend that you upgrade your graphicsmagick packages.