[SECURITY] [DLA 1131-1] imagemagick security update

2017-10-11 02:59:21
lists.debian.org

CVSS2 : 7.1
  Attack Vector          : NETWORK
  Attack Complexity      : MEDIUM
  Authentication         : NONE
  Confidentiality Impact : NONE
  Integrity Impact       : NONE
  Availability Impact    : COMPLETE
  Vector                 : AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3 : 6.5
  Attack Vector          : NETWORK
  Attack Complexity      : LOW
  Privileges Required    : NONE
  User Interaction       : REQUIRED
  Scope                  : UNCHANGED
  Confidentiality Impact : NONE
  Integrity Impact       : NONE
  Availability Impact    : HIGH
  Vector                 : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score : 8.7
  Confidence : High

EPSS : 0.023
  Percentile : 89.8%

Package    : imagemagick
Version    : 8:6.7.7.10-5+deb7u17
CVE ID     : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875
             CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060
             CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175
             CVE-2017-14224 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400
             CVE-2017-14505 CVE-2017-14607 CVE-2017-14682 CVE-2017-14739
             CVE-2017-14741 CVE-2017-14989 CVE-2017-15016 CVE-2017-15017
Debian Bug : 873871 875338 875339 875341 875352 875502 875503 875504
             875506 876097 876099 876105 876488

This update fixes numerous vulnerabilities in imagemagick: various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure, or the
execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,
PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types
of files are processed.

For Debian 7 "Wheezy", these problems have been fixed in version
8:6.7.7.10-5+deb7u17.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

