[SECURITY] [DSA 4032-1] imagemagick security update

2017-11-1210:45:50

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.1%

JSON

Debian Security Advisory DSA-4032-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 12, 2017 https://www.debian.org/security/faq

Package : imagemagick
CVE ID : CVE-2017-12983 CVE-2017-13134 CVE-2017-13758
CVE-2017-13769 CVE-2017-14224 CVE-2017-14607
CVE-2017-14682 CVE-2017-14989 CVE-2017-15277
Debian Bug : 873134 873099 878508 878507 876097 878527 876488 878562
878578

This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or the execution of
arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files
are processed.

For the stable distribution (stretch), these problems have been fixed in
version 8:6.9.7.4+dfsg-11+deb9u3.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armellibimage-magick-q16hdri-perl-dbgsym< 8:6.9.7.4+dfsg-11+deb9u3libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian7armellibmagick++5< 8:6.7.7.10-5+deb7u17libmagick++5_8:6.7.7.10-5+deb7u17_armel.deb
Debian8arm64imagemagick-dbg< 8:6.8.9.9-5+deb8u11imagemagick-dbg_8:6.8.9.9-5+deb8u11_arm64.deb
Debian8kfreebsd-i386libmagickwand-6.q16-2< 8:6.8.9.9-5+deb8u11libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u11_kfreebsd-i386.deb
Debian9armellibmagickwand-6.q16-3-dbgsym< 8:6.9.7.4+dfsg-11+deb9u3libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian7armelimagemagick< 8:6.7.7.10-5+deb7u17imagemagick_8:6.7.7.10-5+deb7u17_armel.deb
Debian8kfreebsd-amd64libmagickwand-6.q16-dev< 8:6.8.9.9-5+deb8u11libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u11_kfreebsd-amd64.deb
Debian8mipselimagemagick< 8:6.8.9.9-5+deb8u11imagemagick_8:6.8.9.9-5+deb8u11_mipsel.deb
Debian8arm64imagemagick< 8:6.8.9.9-5+deb8u11imagemagick_8:6.8.9.9-5+deb8u11_arm64.deb
Debian7i386libmagickcore5< 8:6.7.7.10-5+deb7u17libmagickcore5_8:6.7.7.10-5+deb7u17_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libimage-magick-q16hdri-perl-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u3	libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian	7	armel	libmagick++5	< 8:6.7.7.10-5+deb7u17	libmagick++5_8:6.7.7.10-5+deb7u17_armel.deb
Debian	8	arm64	imagemagick-dbg	< 8:6.8.9.9-5+deb8u11	imagemagick-dbg_8:6.8.9.9-5+deb8u11_arm64.deb
Debian	8	kfreebsd-i386	libmagickwand-6.q16-2	< 8:6.8.9.9-5+deb8u11	libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u11_kfreebsd-i386.deb
Debian	9	armel	libmagickwand-6.q16-3-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u3	libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u3_armel.deb
Debian	7	armel	imagemagick	< 8:6.7.7.10-5+deb7u17	imagemagick_8:6.7.7.10-5+deb7u17_armel.deb
Debian	8	kfreebsd-amd64	libmagickwand-6.q16-dev	< 8:6.8.9.9-5+deb8u11	libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u11_kfreebsd-amd64.deb
Debian	8	mipsel	imagemagick	< 8:6.8.9.9-5+deb8u11	imagemagick_8:6.8.9.9-5+deb8u11_mipsel.deb
Debian	8	arm64	imagemagick	< 8:6.8.9.9-5+deb8u11	imagemagick_8:6.8.9.9-5+deb8u11_arm64.deb
Debian	7	i386	libmagickcore5	< 8:6.7.7.10-5+deb7u17	libmagickcore5_8:6.7.7.10-5+deb7u17_i386.deb