[SECURITY] [DLA 1394-1] imagemagick security update

2018-06-2618:02:15

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Package : imagemagick
Version : 8:6.8.9.9-5+deb8u13
CVE ID : CVE-2018-11251 CVE-2018-12599 CVE-2018-12600

Several security vulnerabilities were discovered in ImageMagick, an
image manipulation program, that allow remote attackers to cause denial
of service (application crash) or out of bounds memory access via
crafted SUN, BMP, or DIB image files.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u13.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8allimagemagick< 8:6.8.9.9-5+deb8u13imagemagick_8:6.8.9.9-5+deb8u13_all.deb
Debian9armhflibmagick++-6.q16hdri-dev< 8:6.9.7.4+dfsg-11+deb9u5libmagick++-6.q16hdri-dev_8:6.9.7.4+dfsg-11+deb9u5_armhf.deb
Debian9arm64imagemagick< 8:6.9.7.4+dfsg-11+deb9u5imagemagick_8:6.9.7.4+dfsg-11+deb9u5_arm64.deb
Debian9armhflibmagickcore-6.q16-3-dbgsym< 8:6.9.7.4+dfsg-11+deb9u5libmagickcore-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_armhf.deb
Debian9ppc64elimagemagick< 8:6.9.7.4+dfsg-11+deb9u5imagemagick_8:6.9.7.4+dfsg-11+deb9u5_ppc64el.deb
Debian9armelimagemagick-6.q16< 8:6.9.7.4+dfsg-11+deb9u5imagemagick-6.q16_8:6.9.7.4+dfsg-11+deb9u5_armel.deb
Debian9amd64imagemagick-6.q16-dbgsym< 8:6.9.7.4+dfsg-11+deb9u5imagemagick-6.q16-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_amd64.deb
Debian9s390xlibimage-magick-q16hdri-perl-dbgsym< 8:6.9.7.4+dfsg-11+deb9u5libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_s390x.deb
Debian8i386libmagickcore-6.q16-dev< 8:6.8.9.9-5+deb8u13libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u13_i386.deb
Debian8allimagemagick-doc< 8:6.8.9.9-5+deb8u13imagemagick-doc_8:6.8.9.9-5+deb8u13_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	imagemagick	< 8:6.8.9.9-5+deb8u13	imagemagick_8:6.8.9.9-5+deb8u13_all.deb
Debian	9	armhf	libmagick++-6.q16hdri-dev	< 8:6.9.7.4+dfsg-11+deb9u5	libmagick++-6.q16hdri-dev_8:6.9.7.4+dfsg-11+deb9u5_armhf.deb
Debian	9	arm64	imagemagick	< 8:6.9.7.4+dfsg-11+deb9u5	imagemagick_8:6.9.7.4+dfsg-11+deb9u5_arm64.deb
Debian	9	armhf	libmagickcore-6.q16-3-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u5	libmagickcore-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_armhf.deb
Debian	9	ppc64el	imagemagick	< 8:6.9.7.4+dfsg-11+deb9u5	imagemagick_8:6.9.7.4+dfsg-11+deb9u5_ppc64el.deb
Debian	9	armel	imagemagick-6.q16	< 8:6.9.7.4+dfsg-11+deb9u5	imagemagick-6.q16_8:6.9.7.4+dfsg-11+deb9u5_armel.deb
Debian	9	amd64	imagemagick-6.q16-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u5	imagemagick-6.q16-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_amd64.deb
Debian	9	s390x	libimage-magick-q16hdri-perl-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u5	libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_s390x.deb
Debian	8	i386	libmagickcore-6.q16-dev	< 8:6.8.9.9-5+deb8u13	libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u13_i386.deb
Debian	8	all	imagemagick-doc	< 8:6.8.9.9-5+deb8u13	imagemagick-doc_8:6.8.9.9-5+deb8u13_all.deb