[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1229-1] imagemagick security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : imagemagick
Version        : 8:6.7.7.10-5+deb7u20
CVE ID         : CVE-2017-1000445, CVE-2017-1000476
Debian Bug     : #886281

It was discovered that there were two vulnerabilities in the imagemagick
image manipulation program:

  CVE-2017-1000445: A null pointer dereference in the MagickCore
  component which could lead to denial of service.

  CVE-2017-1000476: A potential denial of service attack via CPU
  exhaustion.

For Debian 7 "Wheezy", this issue has been fixed in imagemagick version
8:6.7.7.10-5+deb7u20.

We recommend that you upgrade your imagemagick packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlpN/z0ACgkQHpU+J9Qx
HliM9RAApgqmgbleOFQTq67qwYNNsMclGYzpJJqDkt09C1Dr1CeCt4Q83USoVyXx
MkX/DU/hHCdTgF6u2aum6UO1Vi16Q7xlYVUK3bMXQtZSMnC4gydVd7RhJANYxRgj
zkIVwmAIN71PzrmaZspGAp+REIAQEtDP0o+Nq5P0h5qp+TZkaHBaCRRrzkzWkWX7
7alHVxg4vlZd51PQOQKuWrHMFJogt+PAW7DlyKhzdYWNFsRcaWmabtUvS1MaGdAa
e+e0VeLgVcuJYKxm00r2eOUIy3zr0Ep/Fyj/O+vJIg4/XZFSVlHhhxh70X0PGAsn
bavw6BPRWb+qOuQeuEAw1BD5+BjXhg3/z/cOKY+48KF2ap4fk1LBnjWwDi1eUjSd
2HQAjBJfMwKeT4PmBVKARiVYX6KlxE5ybqwmdcXlUl/la236O8EKidSDhFnhr1Ba
DTE2Nv9tyVHQTaJn2bT0Fsm7Z3GKQyPAp+mFhtdHaz23OXpvADdgmZ4OYTxgAak9
ji80dz8RO4Gy7yNqYXxM9fXXPx5VjCta869RWDYlsv7TX2qGtKVHicuFqMcfw9L0
C7dbLkcBiYMOCMeGOvIJtRWRynKSm0YAtAbOTX0y50K4OFXWREDnAd7AehhbouXI
MLD2d9iuDv4SMT2Ze12QfJRgIrGx+y3a7FYsD/HDr09HMUPRyhw=
=hpG7
-----END PGP SIGNATURE-----


Reply to: