[SECURITY] [DSA 2462-2] imagemagick regression update

2012-05-0321:53:43

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

80.8%

JSON

Debian Security Advisory DSA-2462-2 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
May 3, 2012 http://www.debian.org/security/faq

Package : imagemagick
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186
CVE-2012-1610 CVE-2012-1798

The initial update introduced a regression, which could lead to errors
when processing some JPEG files.

For the stable distribution (squeeze), this problem has been fixed in
version 6.6.0.4-3+squeeze3.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6mipslibmagick++3< 8:6.6.0.4-3+squeeze3libmagick++3_8:6.6.0.4-3+squeeze3_mips.deb
Debian6mipslibmagickcore3-extra< 8:6.6.0.4-3+squeeze3libmagickcore3-extra_8:6.6.0.4-3+squeeze3_mips.deb
Debian6mipsellibmagickcore3< 8:6.6.0.4-3+squeeze3libmagickcore3_8:6.6.0.4-3+squeeze3_mipsel.deb
Debian6powerpcimagemagick-dbg< 8:6.6.0.4-3+squeeze3imagemagick-dbg_8:6.6.0.4-3+squeeze3_powerpc.deb
Debian6sparclibmagick++-dev< 8:6.6.0.4-3+squeeze3libmagick++-dev_8:6.6.0.4-3+squeeze3_sparc.deb
Debian6sparclibmagickcore-dev< 8:6.6.0.4-3+squeeze3libmagickcore-dev_8:6.6.0.4-3+squeeze3_sparc.deb
Debian6ia64perlmagick< 8:6.6.0.4-3+squeeze3perlmagick_8:6.6.0.4-3+squeeze3_ia64.deb
Debian6s390libmagick++3< 8:6.6.0.4-3+squeeze3libmagick++3_8:6.6.0.4-3+squeeze3_s390.deb
Debian6amd64libmagickcore3< 8:6.6.0.4-3+squeeze3libmagickcore3_8:6.6.0.4-3+squeeze3_amd64.deb
Debian6ia64libmagickwand-dev< 8:6.6.0.4-3+squeeze3libmagickwand-dev_8:6.6.0.4-3+squeeze3_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	mips	libmagick++3	< 8:6.6.0.4-3+squeeze3	libmagick++3_8:6.6.0.4-3+squeeze3_mips.deb
Debian	6	mips	libmagickcore3-extra	< 8:6.6.0.4-3+squeeze3	libmagickcore3-extra_8:6.6.0.4-3+squeeze3_mips.deb
Debian	6	mipsel	libmagickcore3	< 8:6.6.0.4-3+squeeze3	libmagickcore3_8:6.6.0.4-3+squeeze3_mipsel.deb
Debian	6	powerpc	imagemagick-dbg	< 8:6.6.0.4-3+squeeze3	imagemagick-dbg_8:6.6.0.4-3+squeeze3_powerpc.deb
Debian	6	sparc	libmagick++-dev	< 8:6.6.0.4-3+squeeze3	libmagick++-dev_8:6.6.0.4-3+squeeze3_sparc.deb
Debian	6	sparc	libmagickcore-dev	< 8:6.6.0.4-3+squeeze3	libmagickcore-dev_8:6.6.0.4-3+squeeze3_sparc.deb
Debian	6	ia64	perlmagick	< 8:6.6.0.4-3+squeeze3	perlmagick_8:6.6.0.4-3+squeeze3_ia64.deb
Debian	6	s390	libmagick++3	< 8:6.6.0.4-3+squeeze3	libmagick++3_8:6.6.0.4-3+squeeze3_s390.deb
Debian	6	amd64	libmagickcore3	< 8:6.6.0.4-3+squeeze3	libmagickcore3_8:6.6.0.4-3+squeeze3_amd64.deb
Debian	6	ia64	libmagickwand-dev	< 8:6.6.0.4-3+squeeze3	libmagickwand-dev_8:6.6.0.4-3+squeeze3_ia64.deb