[SECURITY] [DSA 2898-1] imagemagick security update

2014-04-0917:11:54

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Debian Security Advisory DSA-2897-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
April 09, 2014 http://www.debian.org/security/faq

Package : imagemagick
CVE ID : CVE-2014-1947 CVE-2014-1958 CVE-2014-2030

Several buffer overflows were found in Imagemagick, a suite of image
manipulation programs. Processing malformed PSD files could lead to the
execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed
in version 8:6.6.0.4-3+squeeze4.

For the stable distribution (wheezy), these problems have been fixed in
version 8:6.7.7.10-5+deb7u3.

For the testing distribution (jessie), these problems have been fixed in
version 8:6.7.7.10+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 8:6.7.7.10+dfsg-1.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6armellibmagickcore3-extra< 8:6.6.0.4-3+squeeze4libmagickcore3-extra_8:6.6.0.4-3+squeeze4_armel.deb
Debian6mipsellibmagickcore3-extra< 8:6.6.0.4-3+squeeze4libmagickcore3-extra_8:6.6.0.4-3+squeeze4_mipsel.deb
Debian7mipsellibmagickcore-dev< 8:6.7.7.10-5+deb7u3libmagickcore-dev_8:6.7.7.10-5+deb7u3_mipsel.deb
Debian6kfreebsd-amd64libmagick++-dev< 8:6.6.0.4-3+squeeze4libmagick++-dev_8:6.6.0.4-3+squeeze4_kfreebsd-amd64.deb
Debian7mipselimagemagick-dbg< 8:6.7.7.10-5+deb7u3imagemagick-dbg_8:6.7.7.10-5+deb7u3_mipsel.deb
Debian7s390xlibmagickcore-dev< 8:6.7.7.10-5+deb7u3libmagickcore-dev_8:6.7.7.10-5+deb7u3_s390x.deb
Debian7armhfimagemagick-dbg< 8:6.7.7.10-5+deb7u3imagemagick-dbg_8:6.7.7.10-5+deb7u3_armhf.deb
Debian6kfreebsd-i386libmagickwand3< 8:6.6.0.4-3+squeeze4libmagickwand3_8:6.6.0.4-3+squeeze4_kfreebsd-i386.deb
Debian6amd64imagemagick< 8:6.6.0.4-3+squeeze4imagemagick_8:6.6.0.4-3+squeeze4_amd64.deb
Debian7amd64libmagick++5< 8:6.7.7.10-5+deb7u3libmagick++5_8:6.7.7.10-5+deb7u3_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	armel	libmagickcore3-extra	< 8:6.6.0.4-3+squeeze4	libmagickcore3-extra_8:6.6.0.4-3+squeeze4_armel.deb
Debian	6	mipsel	libmagickcore3-extra	< 8:6.6.0.4-3+squeeze4	libmagickcore3-extra_8:6.6.0.4-3+squeeze4_mipsel.deb
Debian	7	mipsel	libmagickcore-dev	< 8:6.7.7.10-5+deb7u3	libmagickcore-dev_8:6.7.7.10-5+deb7u3_mipsel.deb
Debian	6	kfreebsd-amd64	libmagick++-dev	< 8:6.6.0.4-3+squeeze4	libmagick++-dev_8:6.6.0.4-3+squeeze4_kfreebsd-amd64.deb
Debian	7	mipsel	imagemagick-dbg	< 8:6.7.7.10-5+deb7u3	imagemagick-dbg_8:6.7.7.10-5+deb7u3_mipsel.deb
Debian	7	s390x	libmagickcore-dev	< 8:6.7.7.10-5+deb7u3	libmagickcore-dev_8:6.7.7.10-5+deb7u3_s390x.deb
Debian	7	armhf	imagemagick-dbg	< 8:6.7.7.10-5+deb7u3	imagemagick-dbg_8:6.7.7.10-5+deb7u3_armhf.deb
Debian	6	kfreebsd-i386	libmagickwand3	< 8:6.6.0.4-3+squeeze4	libmagickwand3_8:6.6.0.4-3+squeeze4_kfreebsd-i386.deb
Debian	6	amd64	imagemagick	< 8:6.6.0.4-3+squeeze4	imagemagick_8:6.6.0.4-3+squeeze4_amd64.deb
Debian	7	amd64	libmagick++5	< 8:6.7.7.10-5+deb7u3	libmagick++5_8:6.7.7.10-5+deb7u3_amd64.deb