
Debian alert DLA-1082-1 (graphicsmagick)

From:  Thorsten Alteholz <debian@alteholz.de>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1082-1] graphicsmagick security update
Date:  Thu, 31 Aug 2017 22:21:30 +0200 (CEST)
Message-ID:  <alpine.DEB.2.02.1708312220140.6198@jupiter.server.alteholz.net>

Package : graphicsmagick
Version : 1.3.16-1.1+deb7u9
CVE ID : CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13776 CVE-2017-13777

CVE-2017-13776
CVE-2017-13777
denial of service issue in ReadXBMImage()

CVE-2017-12935
The ReadMNGImage function in coders/png.c mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.

CVE-2017-12936
The ReadWMFImage function in coders/wmf.c has a use-after-free issue for data associated with exception reporting.

CVE-2017-12937
The ReadSUNImage function in coders/sun.c has a colormap heap-based buffer over-read.

CVE-2017-13063
CVE-2017-13064
heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c

CVE-2017-13065
NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c

For Debian 7 "Wheezy", these problems have been fixed in version 1.3.16-1.1+deb7u9.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

