Debian-LTS alert DLA-651-1 (graphicsmagick)
From: Brian May <bam@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 651-1] graphicsmagick security update
Date: Tue, 11 Oct 2016 17:40:00 +1100
Message-ID: <20161011064000.p6efyayaat5tv2we@prune.linuxpenguins.xyz>

Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u4
CVE ID         : CVE-2016-7446 CVE-2016-7447 CVE-2016-7449 CVE-2016-7800
Debian Bug     :

Various security issues were found and fixed in graphicsmagick in Debian
wheezy LTS.

CVE-2016-7446

    Heap buffer overflow issue in MVG/SVG rendering.

CVE-2016-7447

    Heap overflow of the EscapeParenthesis() function.

CVE-2016-7449

    TIFF-related problems due to use of strlcpy.

CVE-2016-7800

    Fix unsigned underflow leading to heap overflow when parsing 8BIM
    chunk.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u4.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Brian May <bam@debian.org>
