Univention Bugzilla – Bug 47486
imagemagick: Multiple issues (4.3)
Last modified: 2018-08-15 13:14:40 CEST
New Debian imagemagick 8:6.9.7.4+dfsg-11+deb9u5 fixes:

This update addresses the following issue(s):

* CVE_2005-0406 is open CVE_2008-3134 is open CVE_2016-8678 is open CVE_2017-6502 is open CVE_2017-7275 is open CVE_2017-11531 is open CVE_2017-11532 is open CVE_2017-11534 is open CVE_2017-11536 is open CVE_2017-11539 is open CVE_2017-11644 is open CVE_2017-11724 is open CVE_2017-11751 is open CVE_2017-11752 is open CVE_2017-11754 is open CVE_2017-11755 is open CVE_2017-12140 is open CVE_2017-12418 is open CVE_2017-12427 is open CVE_2017-12429 is open CVE_2017-12430 is open CVE_2017-12433 is open CVE_2017-12435 is open CVE_2017-12563 is open CVE_2017-12564 is open CVE_2017-12565 is open CVE_2017-12566 is open CVE_2017-12641 is open CVE_2017-12642 is open CVE_2017-12643 is open CVE_2017-12644 is open CVE_2017-12654 is open CVE_2017-12662 is open CVE_2017-12663 is open CVE_2017-12664 is open CVE_2017-12665 is open CVE_2017-12666 is open CVE_2017-12667 is open CVE_2017-12668 is open CVE_2017-12669 is open CVE_2017-12670 is open CVE_2017-12672 is open CVE_2017-12673 is open CVE_2017-12674 is open CVE_2017-12675 is open CVE_2017-12676 is open CVE_2017-12691 is open CVE_2017-12692 is open CVE_2017-12693 is open CVE_2017-12875 is open CVE_2017-13058 is open CVE_2017-13059 is open CVE_2017-13060 is open CVE_2017-13061 is open CVE_2017-13062 is open CVE_2017-13131 is open CVE_2017-13133 is open CVE_2017-13146 is open CVE_2017-13658 is open CVE_2017-13768 is open CVE_2017-14060 is open CVE_2017-14137 is open CVE_2017-14138 is open CVE_2017-14139 is open CVE_2017-14172 is open CVE_2017-14173 is open CVE_2017-14174 is open CVE_2017-14175 is open CVE_2017-14249 is open CVE_2017-14324 is open CVE_2017-14325 is open CVE_2017-14326 is open CVE_2017-14341 is open CVE_2017-14342 is open CVE_2017-14343 is open CVE_2017-14400 is open CVE_2017-14505 is open CVE_2017-14528 is open CVE_2017-14531 is open CVE_2017-14532 is open CVE_2017-14533 is open CVE_2017-14624 is open CVE_2017-14625 is open CVE_2017-14626 is open CVE_2017-14684 is open CVE_2017-14739 is open CVE_2017-14741 is open CVE_2017-15015 is open CVE_2017-15016 is open CVE_2017-15017 is open CVE_2017-15032 is open CVE_2017-15033 is open CVE_2017-15217 is open CVE_2017-15218 is open CVE_2017-15281 is open CVE_2017-17680 is open CVE_2017-17681 is open CVE_2017-17682 is open CVE_2017-17880 is open CVE_2017-17881 is open CVE_2017-17882 is open CVE_2017-17883 is open CVE_2017-17884 is open CVE_2017-17885 is open CVE_2017-17886 is open CVE_2017-17887 is open CVE_2017-17914 is open CVE_2017-17934 is open CVE_2017-18008 is open CVE_2017-18022 is open CVE_2017-18027 is open CVE_2017-18028 is open CVE_2017-18029 is open CVE_2017-18209 is open CVE_2017-18211 is open CVE_2017-18251 is open CVE_2017-18252 is open CVE_2017-18254 is open CVE_2017-18271 is open CVE_2017-18273 is open CVE_2017-1000445 is open CVE_2017-1000476 is open CVE_2018-5246 is open CVE_2018-5247 is open
* In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. (CVE-2018-5248)
CVE_2018-5357 is open CVE_2018-5358 is open CVE_2018-6405 is open CVE_2018-7443 is open CVE_2018-7470 is open CVE_2018-8804 is open CVE_2018-8960 is open CVE_2018-9133 is open CVE_2018-9135 is open CVE_2018-10177 is open CVE_2018-10804 is open CVE_2018-10805 is open
* In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. (CVE-2018-11251)
CVE_2018-11655 is open CVE_2018-11656 is open
* In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)
* In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)
CVE_2018-13153 is open CVE_2018-14434 is open CVE_2018-14435 is open CVE_2018-14436 is open CVE_2018-14437 is open CVE_2018-14551 is open TEMP-0869722-31618B is open

8:6.9.7.4+dfsg-11+deb9u5 (Fri, 13 Jul 2018 00:04:11 +0200)
* 0113-CVE-2018-12599
* 0114-CVE-2018-11251
* 0115-CVE-2018-12600
* 0116-CVE-2018-5248

* CVE-2018-5248 ImageMagick: Heap-based buffer over-read in the ReadSIXELImage function in coders/sixel.c (CVE-2018-5248)
* CVE-2018-11251 ImageMagick: heap-based buffer over-read in ReadSUNImage in coders/sun.c (CVE-2018-11251)
* CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)
* CVE-2018-12600 ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/imagemagick_6.9.7.4+dfsg-11+deb9u4.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/imagemagick_6.9.7.4+dfsg-11+deb9u5.dsc @@ -1,3 +1,10 @@ +8:6.9.7.4+dfsg-11+deb9u5 [Fri, 13 Jul 2018 00:04:11 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * 0113-CVE-2018-12599 (Closes: #902727) + * 0114-CVE-2018-11251 + * 0115-CVE-2018-12600 (Closes: #902728) + * 0116-CVE-2018-5248 (Closes: #886588) + 8:6.9.7.4+dfsg-11+deb9u4 [Tue, 26 Dec 2017 12:24:39 +0000] Moritz Muehlenhoff <jmm@debian.org>: * CVE-2017-12877 (Closes: #872373) <http://10.200.17.11/4.3-1/#2927392920417374296>
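Review bot: 0114-CVE-2018-11251 is the only one of the four added changelog entries in the deb9u5 block without a "Closes:" reference, so that fix cannot be traced back to a Debian bug from this changelog alone. If no Debian bug exists for it, the erratum text should carry the CVE reference on its own so the fix stays auditable. The maintainer name is also spelled "Mühlenhoff" in the new entry and "Muehlenhoff" in the deb9u4 entry below it, which will split results for anyone searching the changelog by author.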
OK: patches
REDO: piuparts
OK: yaml
OK: errata-announce imagemagick.yaml

[4.3-1] fc1fec8ceb Bug #47486: imagemagick 8:6.9.7.4+dfsg-11+deb9u5
 doc/errata/staging/imagemagick.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.3-1] 6aa9426dae Bug #47486: imagemagick 8:6.9.7.4+dfsg-11+deb9u5
 doc/errata/staging/imagemagick.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
OK: piuparts
<http://errata.software-univention.de/ucs/4.3/182.html>