Debian Security Advisory
DSA-3808-1 imagemagick -- security update
- Date Reported:
- 13 Mar 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 856878, Bug 856879, Bug 856880, Bug 857426, Bug 844594.
In Mitre's CVE dictionary: CVE-2016-10252, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500.
- More information:
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.
This update also fixes visual artefacts when running -sharpen on CMYK images (no security impact, but piggybacked on top of the security update with approval of the Debian stable release managers since it's a regression in jessie compared to wheezy).
For the stable distribution (jessie), these problems have been fixed in version 8:220.127.116.11-5+deb8u8.
For the upcoming stable distribution (stretch), these problems have been fixed in version 8:18.104.22.168+dfsg-2.
For the unstable distribution (sid), these problems have been fixed in version 8:22.214.171.124+dfsg-2.
We recommend that you upgrade your imagemagick packages.