[SECURITY] [DLA 1785-1] imagemagick security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1785-1] imagemagick security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 14 May 2019 12:40:29 +0200
Message-id: <[🔎] b5c23f83-9ecf-675e-12bc-4e07a240fb77@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : imagemagick
Version        : 8:6.8.9.9-5+deb8u16
CVE ID         : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523
                 CVE-2017-11537 CVE-2017-12140 CVE-2017-12430
                 CVE-2017-12432 CVE-2017-12435 CVE-2017-12563
                 CVE-2017-12587 CVE-2017-12643 CVE-2017-12670
                 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692
                 CVE-2017-12693 CVE-2017-12875 CVE-2017-13133
                 CVE-2017-13142 CVE-2017-13145 CVE-2017-13658
                 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172
                 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175
                 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400
                 CVE-2017-14505 CVE-2017-14532 CVE-2017-14624
                 CVE-2017-14625 CVE-2017-14626 CVE-2017-14739
                 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017
                 CVE-2017-15281 CVE-2017-17682 CVE-2017-17914
                 CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445
                 CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650
                 CVE-2019-11597 CVE-2019-11598
Debian Bug     : 867778 868950 869210 869712 873059 869727 870491 870504
                 870530 870526 870107 870107 870020 875338 872609 875339
                 875341 873871 875352 873100 870105 869830 870019 878506
                 875504 875503 875502 876099 876105 878546 878545 878541
                 877354 877355 878524 878547 878548 878555 878554 878579
                 885942 886584 928207 928206 925395


Numerous security vulnerabilities were fixed in Imagemagick. Various
memory handling problems and cases of missing or incomplete input
sanitizing may result in denial of service, memory or CPU exhaustion,
information disclosure or potentially the execution of arbitrary code
when a malformed image file is processed.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u16.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzamx1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSTvBAAw1QUpTz+BxRDepKLFl6K9YBjHN343t9uQXXf5azMhj3wrCB+7AWrOrIn
Nyj8El2YRgwJjKmSxQeSEmX//wK82svSkIiDAPC6VOFWsr6SdLUOeUfT+SznFhjg
ZODrt4g8mRZ+u42SRYQWuU+KvzsFEuGhnmOBDw4qxv2GDVbXEWrBlvu1TSPmXo7o
ejOa6y/SGdRYs0aiLGsq57jm9XSF/EfU+jWe3kXbYaJel8NQm4PN8B4ZZAn/FYlr
fMTrSMtZ4fSg2gGv8VAdJIoWLXDKBnx8123t21eRXJlzNLbu1U5C8mSL08x2iT5S
E/s3yXwFQjmxeFHS860N9zuFpGgj428tkfKI3Q8WeQETwj/FrXXlXHgLAg3UxDm7
HTx6rBE81zrI+WLEiSVV5COsZqd8eky10Ip8ycRO4RVhQ4GlAom7QCgrCGswbJ18
yT5xpslti45tZ2rzMKfYnpAcx8ZmDpGeciP/chkxiQ4SgEZtVsCmYZ25T50nUyua
eCFSpMBr2JMGso3xnIr7eOFEaVJDwdiCg5x1W9D1Ye5qMEVZ9HCGxhCDpQl0mNyE
NIgUYoZqAu6yJ/t56DrkZr48WLVbnPWBChIo30y1xARnkvUtlm9ENxs0jN4XWi49
K9lk3KMAp30CjZMCGo31dCmfxNtLcahvp9/B5Addjpla9TH8zWw=
=B8rC
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1786-1] qt4-x11 security update
Next by Date: [SECURITY] [DLA 1788-1] samba security update
Previous by thread: [SECURITY] [DLA 1786-1] qt4-x11 security update
Next by thread: [SECURITY] [DLA 1788-1] samba security update
Index(es):
- Date
- Thread