- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201711-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: ImageMagick: Multiple vulnerabilities
     Date: November 11, 2017
     Bugs: #626454, #626906, #627036, #628192, #628490, #628646,
           #628650, #628700, #628702, #629354, #629482, #629576,
           #629932, #630256, #630458, #630674, #635200, #635664, #635666
       ID: 201711-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in ImageMagick, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

A collection of tools and libraries for many image formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-gfx/imagemagick       < 6.9.9.20                >= 6.9.9.20

Description
===========

Multiple vulnerabilities have been discovered in ImageMagick. Please
review the referenced CVE identifiers for details.

Impact
======

Remote attackers, by enticing a user to process a specially crafted
file, could obtain sensitive information, cause a Denial of Service
condition, or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ImageMagick users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"

References
==========

[ 1 ] CVE-2017-11640
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640
[ 2 ] CVE-2017-11724
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724
[ 3 ] CVE-2017-12140
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140
[ 4 ] CVE-2017-12418
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418
[ 5 ] CVE-2017-12427
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427
[ 6 ] CVE-2017-12691
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691
[ 7 ] CVE-2017-12692
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692
[ 8 ] CVE-2017-12693
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693
[ 9 ] CVE-2017-12876
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876
[ 10 ] CVE-2017-12877