Debian Security Advisory
DLA-574-1 qemu-kvm -- LTS security update
- Date Reported:
- 30 Jul 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-5239, CVE-2016-2857, CVE-2016-4020, CVE-2016-4439, CVE-2016-5403, CVE-2016-6351.
- More information:
It was discovered that there were two denial of service vulnerabilities in graphicsmagick, a collection of image processing tools:
Prevent denial-of-service by detecting and rejecting negative stroke-dasharray arguments which were resulting in an endless loop.
Fix divide-by-zero problem if fill or stroke pattern image has zero columns or rows to prevent DoS attack.
For Debian 7
Wheezy, this issue has been fixed in graphicsmagick version 1.3.16-1.1+deb7u3.
We recommend that you upgrade your graphicsmagick packages.