SecurityHome.eu [gentoo-announce] [ GLSA 201606-14 ] ImageMagick: Multiple vulnerabilities

Home / mailings PDF

[gentoo-announce] [ GLSA 201606-14 ] ImageMagick: Multiple vulnerabilities
Posted on 26 June 2016
Gentoo-announce
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--4K0PWnpcInJTwN57NvDeVMhFQcwwvH8Jj
Content-Type: multipart/mixed; boundary="UChtfW70aRPdODkuI14P2mWx7sjG1LpJr"
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <2f815409-9973-1cdb-28b0-a32a72797423@gentoo.org>
Subject: [ GLSA 201606-14 ] ImageMagick: Multiple vulnerabilities

--UChtfW70aRPdODkuI14P2mWx7sjG1LpJr
Content-Type: multipart/alternative;
boundary="------------B67287952C203829DC1B5A9A"

This is a multi-part message in MIME format.
--------------B67287952C203829DC1B5A9A
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: Multiple vulnerabilities
Date: June 26, 2016
Bugs: #534106, #562892
ID: 201606-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in ImageMagick including
overflows and possible Denials of Service.

Background
==========
Imagemagick is a collection of tools and libraries for many image
formats.

Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-gfx/imagemagick < 6.9.0.3 >= 6.9.0.3

Description
===========
Multiple vulnerabilities have been discovered in ImageMagick including,
but not limited to, various overflows and potential Denials of Service.
Please visit the references and related bug reports for additional
information.

Impact
======
Remote attackers could potentially perform buffer overflows or conduct
Denials of Service.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.0.3"

References
==========
[ 1 ] Double free in coders/pict.c:2000
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
[ 2 ] Double free in coders/tga.c:221
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
[ 3 ] Imagemagick fuzzing bug
http://www.openwall.com/lists/oss-security/2014/12/24/1
[ 4 ] Integer and Buffer overflow in coders/icon.c
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747

Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-14

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--------------B67287952C203829DC1B5A9A
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=utf=-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>
<meta http-equiv="content-type" content="text/html; charset=u=tf-8">
</p>
<pre style="color: rgb(0, 0, 0); font-style: normal; font-variant: =normal; font-weight: normal; letter-spacing: normal; line-height: normal;= orphans: auto; text-align: start; text-indent: 0px; text-transform: none=; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap=: break-word; white-space: pre-wrap;">- - - - - - - - - - - - - - - - - -= - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<a class="moz-txt-link-freet=ext" href="https://security.gentoo.org/">https://security.gentoo.org/</=a>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: Multiple vulnerabilities
Date: June 26, 2016
Bugs: #534106, #562892
ID: 201606-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in ImageMagick including
overflows and possible Denials of Service.

Background
==========
Imagemagick is a collection of tools and libraries for many image
formats.

Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-gfx/imagemagick < 6.9.0.3 >= 6.9==2E0.3

Description
===========
Multiple vulnerabilities have been discovered in ImageMagick including,
but not limited to, various overflows and potential Denials of Service.
Please visit the references and related bug reports for additional
information.

Impact
======
Remote attackers could potentially perform buffer overflows or conduct
Denials of Service.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.0.=3"

References
==========
[ 1 ] Double free in coders/pict.c:2000
<a class="moz-txt-link-freetext" href="https://bugs.launchpad.n=et/ubuntu/+source/imagemagick/+bug/1448803">https://bugs.launchpad.net/ub=untu/+source/imagemagick/+bug/1448803</a>
[ 2 ] Double free in coders/tga.c:221
<a class="moz-txt-link-freetext" href="https://bugs.launchpad.n=et/ubuntu/+source/imagemagick/+bug/1490362">https://bugs.launchpad.net/ub=untu/+source/imagemagick/+bug/1490362</a>
[ 3 ] Imagemagick fuzzing bug
<a class="moz-txt-link-freetext" href="http://www.openwall.com/=lists/oss-security/2014/12/24/1">http://www.openwall.com/lists/oss-securi=ty/2014/12/24/1</a>
[ 4 ] Integer and Buffer overflow in coders/icon.c
<a class="moz-txt-link-freetext" href="https://bugs.launchpad.n=et/ubuntu/+source/imagemagick/+bug/1459747">https://bugs.launchpad.net/ub=untu/+source/imagemagick/+bug/1459747</a>

Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

<a class="moz-txt-link-freetext" href="https://security.gentoo.org/g=lsa/201606-14">https://security.gentoo.org/glsa/201606-14</a>

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
<a class="moz-txt-link-abbreviated" href="mailto:security@gentoo.org"=>security@gentoo.org</a> or alternatively, you may file a bug at
<a class="moz-txt-link-freetext" href="https://bugs.gentoo.org">https=://bugs.gentoo.org</a>.

License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

<a class="moz-txt-link-freetext" href="http://creativecommons.org/lic=enses/by-sa/2.5">http://creativecommons.org/licenses/by-sa/2.5</a></pre>
</body>
</html>

--------------B67287952C203829DC1B5A9A--

--UChtfW70aRPdODkuI14P2mWx7sjG1LpJr--

--4K0PWnpcInJTwN57NvDeVMhFQcwwvH8Jj
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

TOP

Mailings :

Last 20

Exploits :

Last 20