[SECURITY] [DSA 3799-1] imagemagick security update

2017-03-0122:06:44

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

JSON

Debian Security Advisory DSA-3799-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 01, 2017 https://www.debian.org/security/faq

Package : imagemagick
CVE ID : CVE-2016-8707 CVE-2016-10062 CVE-2016-10144
CVE-2016-10145 CVE-2016-10146 CVE-2017-5506
CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511
Debian Bug : 851485 851483 851380 848139 851383 851382 851381
851374 851376 849439

This update fixes several vulnerabilities in imagemagick: Various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service or the execution of arbitrary
code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.

For the stable distribution (jessie), these problems have been fixed in
version 8:6.8.9.9-5+deb8u7.

For the testing distribution (stretch), these problems have been fixed
in version 8:6.9.7.4+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 8:6.9.7.4+dfsg-1.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8kfreebsd-i386libmagick++-6.q16-5< 8:6.8.9.9-5+deb8u7libmagick++-6.q16-5_8:6.8.9.9-5+deb8u7_kfreebsd-i386.deb
Debian7armhflibmagickcore5-extra< 8:6.7.7.10-5+deb7u11libmagickcore5-extra_8:6.7.7.10-5+deb7u11_armhf.deb
Debian8armellibmagick++-6.q16-5< 8:6.8.9.9-5+deb8u7libmagick++-6.q16-5_8:6.8.9.9-5+deb8u7_armel.deb
Debian7i386imagemagick-dbg< 8:6.7.7.10-5+deb7u11imagemagick-dbg_8:6.7.7.10-5+deb7u11_i386.deb
Debian8kfreebsd-i386libmagickcore-6.q16-2-extra< 8:6.8.9.9-5+deb8u7libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u7_kfreebsd-i386.deb
Debian8i386imagemagick-dbg< 8:6.8.9.9-5+deb8u7imagemagick-dbg_8:6.8.9.9-5+deb8u7_i386.deb
Debian8amd64imagemagick-6.q16< 8:6.8.9.9-5+deb8u7imagemagick-6.q16_8:6.8.9.9-5+deb8u7_amd64.deb
Debian7armellibmagick++-dev< 8:6.7.7.10-5+deb7u11libmagick++-dev_8:6.7.7.10-5+deb7u11_armel.deb
Debian7armelimagemagick-dbg< 8:6.7.7.10-5+deb7u11imagemagick-dbg_8:6.7.7.10-5+deb7u11_armel.deb
Debian8arm64libmagickcore-6.q16-2-extra< 8:6.8.9.9-5+deb8u7libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u7_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	kfreebsd-i386	libmagick++-6.q16-5	< 8:6.8.9.9-5+deb8u7	libmagick++-6.q16-5_8:6.8.9.9-5+deb8u7_kfreebsd-i386.deb
Debian	7	armhf	libmagickcore5-extra	< 8:6.7.7.10-5+deb7u11	libmagickcore5-extra_8:6.7.7.10-5+deb7u11_armhf.deb
Debian	8	armel	libmagick++-6.q16-5	< 8:6.8.9.9-5+deb8u7	libmagick++-6.q16-5_8:6.8.9.9-5+deb8u7_armel.deb
Debian	7	i386	imagemagick-dbg	< 8:6.7.7.10-5+deb7u11	imagemagick-dbg_8:6.7.7.10-5+deb7u11_i386.deb
Debian	8	kfreebsd-i386	libmagickcore-6.q16-2-extra	< 8:6.8.9.9-5+deb8u7	libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u7_kfreebsd-i386.deb
Debian	8	i386	imagemagick-dbg	< 8:6.8.9.9-5+deb8u7	imagemagick-dbg_8:6.8.9.9-5+deb8u7_i386.deb
Debian	8	amd64	imagemagick-6.q16	< 8:6.8.9.9-5+deb8u7	imagemagick-6.q16_8:6.8.9.9-5+deb8u7_amd64.deb
Debian	7	armel	libmagick++-dev	< 8:6.7.7.10-5+deb7u11	libmagick++-dev_8:6.7.7.10-5+deb7u11_armel.deb
Debian	7	armel	imagemagick-dbg	< 8:6.7.7.10-5+deb7u11	imagemagick-dbg_8:6.7.7.10-5+deb7u11_armel.deb
Debian	8	arm64	libmagickcore-6.q16-2-extra	< 8:6.8.9.9-5+deb8u7	libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u7_arm64.deb