[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2333-1] imagemagick security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2333-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
August 18, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : imagemagick
Version        : 8:6.9.7.4+dfsg-11+deb9u9
CVE ID         : CVE-2017-12805 CVE-2017-17681 CVE-2017-18252
                 CVE-2018-7443 CVE-2018-8804 CVE-2018-8960
                 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551
                 CVE-2018-18024 CVE-2018-20467 CVE-2019-10131
                 CVE-2019-11472 CVE-2019-11597 CVE-2019-12974
                 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979
                 CVE-2019-13295 CVE-2019-13297 CVE-2019-11470
                 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949
Debian Bug     : 885941 891291 894848 896018 904713 917326 928207 931196
                 931191 931190 931189 931457 927830 931740 955025
947309

Several security vulnerabilities were fixed in Imagemagick. Various
memory handling problems and cases of missing or incomplete input
sanitizing may result in denial of service, memory or CPU exhaustion,
information disclosure or potentially the execution of arbitrary code
when a malformed image file is processed.

For Debian 9 stretch, these problems have been fixed in version
8:6.9.7.4+dfsg-11+deb9u9.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl88ZLpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSPNxAAhMiLDNQrFKVYQttf0IvnRL07RubWJpEkq3FgVTZ75J8SY6JPOry62GVM
+OFPbXsRVy5l9qIk25LF/6JxHnNlLfOsed6vs5WPl1FsI2q34vjHEypnisVX6v8L
RkiMKDccTWiLgGjXcFzbjyTaklP9M1thEGkaqRDWT58mbgat7q9PH2jid8xhhCgV
v95UMzqdwXX7jA9mx3ih7s+AnrSbN1cgVkPzJYIFsUJOi2z+bRVdt2nPSvOEwnnt
ddSZI5HC2VqamL6P3eqHvYhGV6AZPvcdx5MGHMRA0fqOmlQy5exEc44BO05kWLW3
WBHrl/dRCwSXl6bAJOBxDRX7bkZCjUlPDiLS1cagcnTQF6Hf9UDtK0Pk+RQxyN11
+2h6rbqnhy8b44ZVPmJREfrAzOYGuRO+r+mFxa4vlp9znaTmOY+ghM2WdIU5IJi2
FygqgZKhoNvz93HzMzTy52e4H1KZOs5j7ldmEDoarvE5v61D2UJfenQ4TiNXNKEx
VkXsaR86zlcfdxFQmTXmsAxyF6Aw0K7YXP41XUexihMDJBEcIrHj4bC5/Tb50D0r
LOsGFqblO++l0C29uT5H2OD/fyGFii6zhD5nEYxfwTrYIHHzcWQPw7Zufvofss6s
d/t3NedCO9P132uhUjmdl1Q1F/4Wid/zWLS9zXOMkBl1xl3x5gc=
=6UKS
-----END PGP SIGNATURE-----


Reply to: