[SECURITY] [DLA 1081-1] imagemagick security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1081-1] imagemagick security update
From: Roberto C. Sánchez <roberto@debian.org>
Date: Thu, 31 Aug 2017 06:47:38 -0400
Message-id: <[🔎] 20170831104738.GA18206@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : imagemagick
Version        : 6.7.7.10-5+deb7u16
CVE ID         : CVE-2017-8352 CVE-2017-9144 CVE-2017-9501 CVE-2017-10928 
                 CVE-2017-10995 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 
                 CVE-2017-11352 CVE-2017-11360 CVE-2017-11446 CVE-2017-11448 
                 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 
                 CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 
                 CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 
                 CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 
                 CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11639 
                 CVE-2017-11640 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 
                 CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 
                 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 
                 CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563 
                 CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 
                 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 
                 CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 
                 CVE-2017-12670 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 
                 CVE-2017-12877 CVE-2017-12983 CVE-2017-13133 CVE-2017-13134 
                 CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 
                 CVE-2017-13146 CVE-2017-13658
Debian Bug     : 867367 867896 867806 867808 867810 867811 867812 867798
                 867821 868264 868184 867721 867824 867826 867893 867823
                 867894 868263 869210 867748 868950 868469 869725 869726
                 869834 869711 869827 869712 870120 870065 870067 870016
                 870023 870480 870481 870525 869713 869727 869715 870491
                 870504 870530 870017 870115 870503 870526 870106 869796
                 870107 870502 870501 870489 870020 872609 870022 870118
                 872373 873134 873100 873099 870109 870105 870012 869728
                 870013 870019 869721 869722


This updates fixes numerous vulnerabilities in imagemagick: Various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure or the
execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,
VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,
ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,
SFW, or XCF files are processed.

For Debian 7 "Wheezy", these problems have been fixed in version
6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 1080-1] gnupg security update
Next by Date: [SECURITY] [DLA 1072-1] mercurial security update
Previous by thread: [SECURITY] [DLA 1080-1] gnupg security update
Next by thread: [SECURITY] [DLA 1072-1] mercurial security update
Index(es):
- Date
- Thread