[SECURITY] [DLA 242-1] imagemagick security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package : imagemagick
Version : 8:6.6.0.4-3+squeeze6
CVE ID : CVE-2012-3437 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562
Debian Bug : #773834 #767240 #683285 #692367
This update fixes a large number of potential security problems due to
insufficient data validation when parsing different input
formats. Most of those potential security problems do not have a CVE
number assigned.
While the security implications of all of these problems are not all
fully known, it is highly recommended to update.
The update fixes the following identified vulnerabilities:
CVE-2012-3437
Incorrect validation of PNG buffer size, leading to DoS using
specially crafted PNG files.
CVE-2014-8354
Out of bounds memory access in resize
CVE-2014-8355
Buffer overflow in PCX reader
CVE-2014-8562
Buffer overflow in DCM readers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVeeqmAAoJEO3GeJm/E8RX/P0IAIztw53pFPTIsRMdKfOrhYSc
mkyt6cQ2p9Qw8sjt3zyddiA8WaLslhbDcinlKMS1i7Amsydg8LoI9aSMJtWzo+2x
+CP4h3pZEQMEc+V1vgptO77y0S3kuL30M+DMD8gPo2pUA7D3gAGHinFqhmu25g11
C5WKoXmltAaEm0avie6c4YrcR4b/iEOtcdCaJWIgmWOp2o+7YFBlQVo9Iy103Tp1
bahrLJANgW1//y1Lkh9LXW1hF8QkHhkWlLu1JQeZQgLvIIxejYv9DJgkvPCSXRwy
GIw5gwHkzAMy3WzOpWOaN60kjZ1udLE5GB0fEMaqTC8RyHUFy5v/r9IEbb46ukM=
=vQey
-----END PGP SIGNATURE-----
Reply to: