[SECURITY] [DLA 1140-1] graphicsmagick security update

2017-10-1908:06:10

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u11
CVE ID : CVE-2017-13737 CVE-2017-15277

Immediately after the previous update to graphicsmagick, two more security
issues were identified. These updates are included here.

CVE-2017-13737

Incorrect rounding up resulted in scrambling the heap beyond the
allocation.

CVE-2017-15277

Left the palette uninitialized when processing a GIF
file that has neither a global nor local palette.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u11.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armellibimage-magick-q16hdri-perl-dbgsym< 8:6.9.7.4+dfsg-11+deb9u3libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian9amd64graphicsmagick-dbg< 1.3.30+hg15796-1~deb9u1graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_amd64.deb
Debian8arm64imagemagick-dbg< 8:6.8.9.9-5+deb8u11imagemagick-dbg_8:6.8.9.9-5+deb8u11_arm64.deb
Debian8kfreebsd-i386libmagickwand-6.q16-2< 8:6.8.9.9-5+deb8u11libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u11_kfreebsd-i386.deb
Debian9armellibmagickwand-6.q16-3-dbgsym< 8:6.9.7.4+dfsg-11+deb9u3libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian8kfreebsd-amd64libmagickwand-6.q16-dev< 8:6.8.9.9-5+deb8u11libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u11_kfreebsd-amd64.deb
Debian9arm64graphicsmagick-dbg< 1.3.30+hg15796-1~deb9u1graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_arm64.deb
Debian7armhfgraphicsmagick-dbg< 1.3.16-1.1+deb7u11graphicsmagick-dbg_1.3.16-1.1+deb7u11_armhf.deb
Debian8mipselimagemagick< 8:6.8.9.9-5+deb8u11imagemagick_8:6.8.9.9-5+deb8u11_mipsel.deb
Debian9i386libgraphicsmagick1-dev< 1.3.30+hg15796-1~deb9u1libgraphicsmagick1-dev_1.3.30+hg15796-1~deb9u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libimage-magick-q16hdri-perl-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u3	libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian	9	amd64	graphicsmagick-dbg	< 1.3.30+hg15796-1~deb9u1	graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_amd64.deb
Debian	8	arm64	imagemagick-dbg	< 8:6.8.9.9-5+deb8u11	imagemagick-dbg_8:6.8.9.9-5+deb8u11_arm64.deb
Debian	8	kfreebsd-i386	libmagickwand-6.q16-2	< 8:6.8.9.9-5+deb8u11	libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u11_kfreebsd-i386.deb
Debian	9	armel	libmagickwand-6.q16-3-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u3	libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian	8	kfreebsd-amd64	libmagickwand-6.q16-dev	< 8:6.8.9.9-5+deb8u11	libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u11_kfreebsd-amd64.deb
Debian	9	arm64	graphicsmagick-dbg	< 1.3.30+hg15796-1~deb9u1	graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_arm64.deb
Debian	7	armhf	graphicsmagick-dbg	< 1.3.16-1.1+deb7u11	graphicsmagick-dbg_1.3.16-1.1+deb7u11_armhf.deb
Debian	8	mipsel	imagemagick	< 8:6.8.9.9-5+deb8u11	imagemagick_8:6.8.9.9-5+deb8u11_mipsel.deb
Debian	9	i386	libgraphicsmagick1-dev	< 1.3.30+hg15796-1~deb9u1	libgraphicsmagick1-dev_1.3.30+hg15796-1~deb9u1_i386.deb