[SECURITY] [DLA 807-1] imagemagick security update

2017-01-3008:39:24

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.5%

JSON

    Package        : imagemagick

Version : 8:6.7.7.10-5+deb7u11
CVE ID : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506
CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511
Debian Bug : #851485, #851483, #851380, #851383, #851382, #851381, #851376, #851374

Numerous vulnerabilities were discovered in ImageMagick, an image
manipulation program. Issues include memory leaks, out of bound reads
and missing checks.

This update also includes an update of the fix for CVE-2016-8677 which
was incomplete in the previous version.

For Debian 7 "Wheezy", these problems have been fixed in version
8:6.7.7.10-5+deb7u11.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8armellibmagickcore-6-arch-config< 8:6.8.9.9-5+deb8u7libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u7_armel.deb
Debian8s390xlibmagickcore-6.q16-2< 8:6.8.9.9-5+deb8u7libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u7_s390x.deb
Debian8armellibmagickwand-6.q16-2< 8:6.8.9.9-5+deb8u7libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u7_armel.deb
Debian8ppc64elimagemagick< 8:6.8.9.9-5+deb8u7imagemagick_8:6.8.9.9-5+deb8u7_ppc64el.deb
Debian8armhflibmagickcore-6.q16-2< 8:6.8.9.9-5+deb8u7libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u7_armhf.deb
Debian7amd64libmagickcore5-extra< 8:6.7.7.10-5+deb7u11libmagickcore5-extra_8:6.7.7.10-5+deb7u11_amd64.deb
Debian8armhflibmagickwand-6.q16-2< 8:6.8.9.9-5+deb8u7libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u7_armhf.deb
Debian8powerpcimagemagick-dbg< 8:6.8.9.9-5+deb8u7imagemagick-dbg_8:6.8.9.9-5+deb8u7_powerpc.deb
Debian8allimagemagick-doc< 8:6.8.9.9-5+deb8u7imagemagick-doc_8:6.8.9.9-5+deb8u7_all.deb
Debian8amd64imagemagick-6.q16< 8:6.8.9.9-5+deb8u7imagemagick-6.q16_8:6.8.9.9-5+deb8u7_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armel	libmagickcore-6-arch-config	< 8:6.8.9.9-5+deb8u7	libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u7_armel.deb
Debian	8	s390x	libmagickcore-6.q16-2	< 8:6.8.9.9-5+deb8u7	libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u7_s390x.deb
Debian	8	armel	libmagickwand-6.q16-2	< 8:6.8.9.9-5+deb8u7	libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u7_armel.deb
Debian	8	ppc64el	imagemagick	< 8:6.8.9.9-5+deb8u7	imagemagick_8:6.8.9.9-5+deb8u7_ppc64el.deb
Debian	8	armhf	libmagickcore-6.q16-2	< 8:6.8.9.9-5+deb8u7	libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u7_armhf.deb
Debian	7	amd64	libmagickcore5-extra	< 8:6.7.7.10-5+deb7u11	libmagickcore5-extra_8:6.7.7.10-5+deb7u11_amd64.deb
Debian	8	armhf	libmagickwand-6.q16-2	< 8:6.8.9.9-5+deb8u7	libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u7_armhf.deb
Debian	8	powerpc	imagemagick-dbg	< 8:6.8.9.9-5+deb8u7	imagemagick-dbg_8:6.8.9.9-5+deb8u7_powerpc.deb
Debian	8	all	imagemagick-doc	< 8:6.8.9.9-5+deb8u7	imagemagick-doc_8:6.8.9.9-5+deb8u7_all.deb
Debian	8	amd64	imagemagick-6.q16	< 8:6.8.9.9-5+deb8u7	imagemagick-6.q16_8:6.8.9.9-5+deb8u7_amd64.deb