Debian Security Advisory
DSA-3726-1 imagemagick -- security update
- Date Reported:
- 26 Nov 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 840437, Bug 845195, Bug 845196, Bug 845198, Bug 845202, Bug 845206, Bug 845212, Bug 845213, Bug 845241, Bug 845242, Bug 845243, Bug 845244, Bug 845246, Bug 840435.
In Mitre's CVE dictionary: CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556, CVE-2016-9559.
- More information:
Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input.
For the stable distribution (jessie), these problems have been fixed in version 8:18.104.22.168-5+deb8u6.
For the unstable distribution (sid), these problems have been fixed in version 8:22.214.171.124+dfsg-1.
We recommend that you upgrade your imagemagick packages.