Lucene search

K
debianDebianDEBIAN:DLA-1785-1:40B92
HistoryMay 14, 2019 - 10:40 a.m.

[SECURITY] [DLA 1785-1] imagemagick security update

2019-05-1410:40:29
lists.debian.org
109

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

8.7

Confidence

Low

EPSS

0.049

Percentile

92.8%

Package : imagemagick
Version : 8:6.8.9.9-5+deb8u16
CVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523
CVE-2017-11537 CVE-2017-12140 CVE-2017-12430
CVE-2017-12432 CVE-2017-12435 CVE-2017-12563
CVE-2017-12587 CVE-2017-12643 CVE-2017-12670
CVE-2017-12674 CVE-2017-12691 CVE-2017-12692
CVE-2017-12693 CVE-2017-12875 CVE-2017-13133
CVE-2017-13142 CVE-2017-13145 CVE-2017-13658
CVE-2017-13768 CVE-2017-14060 CVE-2017-14172
CVE-2017-14173 CVE-2017-14174 CVE-2017-14175
CVE-2017-14249 CVE-2017-14341 CVE-2017-14400
CVE-2017-14505 CVE-2017-14532 CVE-2017-14624
CVE-2017-14625 CVE-2017-14626 CVE-2017-14739
CVE-2017-14741 CVE-2017-15015 CVE-2017-15017
CVE-2017-15281 CVE-2017-17682 CVE-2017-17914
CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445
CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650
CVE-2019-11597 CVE-2019-11598
Debian Bug : 867778 868950 869210 869712 873059 869727 870491 870504
870530 870526 870107 870107 870020 875338 872609 875339
875341 873871 875352 873100 870105 869830 870019 878506
875504 875503 875502 876099 876105 878546 878545 878541
877354 877355 878524 878547 878548 878555 878554 878579
885942 886584 928207 928206 925395

Numerous security vulnerabilities were fixed in Imagemagick. Various
memory handling problems and cases of missing or incomplete input
sanitizing may result in denial of service, memory or CPU exhaustion,
information disclosure or potentially the execution of arbitrary code
when a malformed image file is processed.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u16.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

8.7

Confidence

Low

EPSS

0.049

Percentile

92.8%