
[SECURITY] [DLA 953-1] graphicsmagick security update




Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u7
CVE ID         : CVE-2017-9098
Debian Bug     : 862967

Chris Evans discovered that graphicsmagick used uninitialized memory
in the RLE decoder, allowing a remote attacker to leak sensitive
information from process memory space.

More information is available at:
https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte-file-14k-bounty.html

For Debian 7 "Wheezy", this problem has been fixed in version
1.3.16-1.1+deb7u7.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
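
The class of bug the advisory describes (a decoder returning memory it never wrote) is sketched below as an added example. It is not GraphicsMagick's code and not part of the advisory; the toy (count, value) RLE format, the function names and the 0xAA filler standing in for old heap contents are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPIXELS 16

/* Toy format (constructed): (count, value) byte pairs. The canvas is caller
 * memory that, like a fresh malloc() block, may still hold old data. */

/* Flawed: pixels the stream never covers keep whatever was in the canvas. */
size_t rle_decode_unsafe(const uint8_t *in, size_t inlen, uint8_t *canvas, size_t npixels)
{
    size_t out = 0;
    for (size_t i = 0; i + 1 < inlen && out < npixels; i += 2) {
        size_t run = in[i];
        if (run > npixels - out)
            run = npixels - out;       /* clamp so a run cannot overflow */
        memset(canvas + out, in[i + 1], run);
        out += run;
    }
    return out;                        /* short count is easy to ignore */
}

/* Hardened: clear the canvas first, then treat a short stream as an error. */
int rle_decode_safe(const uint8_t *in, size_t inlen, uint8_t *canvas, size_t npixels)
{
    memset(canvas, 0, npixels);        /* no stale byte can survive */
    return rle_decode_unsafe(in, inlen, canvas, npixels) == npixels ? 0 : -1;
}

/* Returns how many canvas bytes still hold the simulated stale data. */
size_t leaked_after_decode(int use_safe)
{
    static const uint8_t stream[] = { 4, 0x11 };  /* covers 4 of 16 pixels */
    uint8_t canvas[NPIXELS];
    size_t leaked = 0;
    memset(canvas, 0xAA, sizeof canvas);          /* stand-in for old heap data */
    if (use_safe)
        rle_decode_safe(stream, sizeof stream, canvas, NPIXELS);
    else
        rle_decode_unsafe(stream, sizeof stream, canvas, NPIXELS);
    for (size_t i = 0; i < NPIXELS; i++)
        leaked += (canvas[i] == 0xAA);
    return leaked;
}

int main(void)
{
    printf("unsafe: %zu stale bytes, safe: %zu\n", leaked_after_decode(0), leaked_after_decode(1));
    return 0;
}
```

With the constructed 2-byte stream, the flawed decoder leaves 12 of the 16 output bytes holding prior buffer contents, while the hardened one leaves none and reports the stream as truncated.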

