[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4712-1] imagemagick security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4712-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 30, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 
                 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 
                 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 
                 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 
                 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 
                 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 
                 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 
                 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 
                 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 
                 CVE-2019-19948 CVE-2019-19949

This update fixes multiple vulnerabilities in Imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.

For the stable distribution (buster), these problems have been fixed in
version 8:6.9.10.23+dfsg-2.1+deb10u1.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl77hl8ACgkQEMKTtsN8
TjbwshAAp1/JOlprOZfp6+HCFH4cYbIOGwnDlZVn/tIS4KUZCyD0hHpOXzdohze9
ZyLHYw1uym5+Rile6M8tDAFjkwH/ePvsXi5NDJVgNM9MFZWcP+6Ai/3yCe8ZlaHS
Ji652NRQJG3PVwJp3rMVeKJsP0s7JCXxnHQC/5q9vmOLmuKDmLHbl6IMFLmkk3Ey
5IIeyjefq9Kg5CGKh0fFMm1irrUtdVoye+n3M+dPIob6aEq/spdD1iSR7Il5w6Mp
JDB9iqzGnV8gDPWwD6admujoku7kjn6Vorg9Ov/u/1cS0OFCFXXZtoWP3TSHISqH
tAnlnixHuHS7iV6DdDnzkbqJsA8GfsYskcrQ9sD8z2FueEDRchB++suKnayxNtSn
cndJPkbT8CxRdOBgEE+QJNuSsrxAM5aSEdEcQal4FgYP8WLWhsOPu3JAU1+8YLFW
PK7UMuWMh0B/scC79e3rhwrg8DvU0yFpxdRkDcznpz5NJ2hYBdcNXpnKaTOQNNgP
JfNgsn+0t7Yc2XA4Q6jmHJNOKOM4LMiOVI1LRe/6RuGNx94XJMeYw2MOmybM7xbo
s4KtXMXUUL8A0JLLHPHRUu09nerEoTXwDuJ+6lS82vEMT+XpWejcZRcw0RA5Rsud
Q4cHKw+PdAVHN32b8DfQ2uNVgZ9SZcNq24BrqCyihfNLdSxYSYg=
=dz+2
-----END PGP SIGNATURE-----


Reply to: