Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201702-09 ] ImageMagick: Multiple vulnerabilities
Date: Fri, 17 Feb 2017 08:15:10
Message-Id: c3356b6f-d41a-7bda-fc41-ad2306cd3b93@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201702-09
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: ImageMagick: Multiple vulnerabilities
9 Date: February 17, 2017
10 Bugs: #599744, #606654
11 ID: 201702-09
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in ImageMagick, the worst of
19 which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 ImageMagick is a collection of tools and libraries for many image
25 formats.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-gfx/imagemagick < 6.9.7.4 >= 6.9.7.4
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in ImageMagick. Please
39 review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker, by enticing a user to process a specially crafted
45 image file, could execute arbitrary code with the privileges of the
46 process or cause a Denial of Service condition.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All ImageMagick users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.7.4"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2016-10144
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10144
66 [ 2 ] CVE-2016-10145
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10145
68 [ 3 ] CVE-2016-10146
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10146
70 [ 4 ] CVE-2016-9298
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9298
72 [ 5 ] CVE-2017-5506
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5506
74 [ 6 ] CVE-2017-5507
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5507
76 [ 7 ] CVE-2017-5508
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5508
78 [ 8 ] CVE-2017-5509
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5509
80 [ 9 ] CVE-2017-5510
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5510
82 [ 10 ] CVE-2017-5511
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5511
84
85 Availability
86 ============
87
88 This GLSA and any updates to it are available for viewing at
89 the Gentoo Security Website:
90
91 https://security.gentoo.org/glsa/201702-09
92
93 Concerns?
94 =========
95
96 Security is a primary focus of Gentoo Linux and ensuring the
97 confidentiality and security of our users' machines is of utmost
98 importance to us. Any security concerns should be addressed to
99 security@g.o or alternatively, you may file a bug at
100 https://bugs.gentoo.org.
101
102 License
103 =======
104
105 Copyright 2017 Gentoo Foundation, Inc; referenced text
106 belongs to its owner(s).
107
108 The contents of this document are licensed under the
109 Creative Commons - Attribution / Share Alike license.
110
111 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups