Re: [SECURITY] [DSA 3652-1] imagemagick security update
Imagemagick sucks... thanks for looking into this!
> On Aug 25, 2016, at 1:53 PM, Moritz Muehlenhoff <jmm@debian.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3652-1                   security@debian.org
> https://www.debian.org/security/                       Moritz Muehlenhoff
> August 25, 2016                       https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : imagemagick
> CVE ID         : CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010
>                  CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690
>                  CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491
> Debian Bugs    : 832885 832887 832888 832968 833003 832474 832475 832464
>                  832465 832467 832457 832461 832469 832482 832483 832504
>                  832633 832776 832780 832787 832789 823750 832455 832478
>                  832480 832506 832785 832793 832942 832944 832890 833044
>                  833043 833042 831034 833099 833101 827643 833812 833744
>                  833743 833735 833732 833730 834183 834501 834163 834504
>
> This update fixes many vulnerabilities in imagemagick: Various memory
> handling problems and cases of missing or incomplete input sanitising
> may result in denial of service or the execution of arbitrary code if
> malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,
> PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 8:6.8.9.9-5+deb8u4.
>
> For the unstable distribution (sid), these problems will be fixed soon.
>
> We recommend that you upgrade your imagemagick packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>