[gentoo-announce] [ GLSA 201711-07 ] ImageMagick: Multiple vulnerabilities - gentoo-announce

From:	Aaron Bauman <bman@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201711-07 ] ImageMagick: Multiple vulnerabilities
Date:	Sat, 11 Nov 2017 14:17:44
Message-Id:	`3648877.lfE1JiN4HX@localhost.localdomain`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201711-07

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: ImageMagick: Multiple vulnerabilities

9

     Date: November 11, 2017

10

     Bugs: #626454, #626906, #627036, #628192, #628490, #628646,

11

           #628650, #628700, #628702, #629354, #629482, #629576,

12

           #629932, #630256, #630458, #630674, #635200, #635664, #635666

13

       ID: 201711-07

14

15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

16

17

Synopsis

18

========

19

20

Multiple vulnerabilities have been found in ImageMagick, the worst of

21

which may allow remote attackers to cause a Denial of Service

22

condition.

23

24

Background

25

==========

26

27

A collection of tools and libraries for many image formats.

28

29

Affected packages

30

=================

31

32

    -------------------------------------------------------------------

33

     Package              /     Vulnerable     /            Unaffected

34

    -------------------------------------------------------------------

35

  1  media-gfx/imagemagick       < 6.9.9.20               >= 6.9.9.20 

36

37

Description

38

===========

39

40

Multiple vulnerabilities have been discovered in ImageMagick. Please

41

review the referenced CVE identifiers for details.

42

43

Impact

44

======

45

46

Remote attackers, by enticing a user to process a specially crafted

47

file, could obtain sensitive information, cause a Denial of Service

48

condition, or have other unspecified impacts.

49

50

Workaround

51

==========

52

53

There is no known workaround at this time.

54

55

Resolution

56

==========

57

58

All ImageMagick users should upgrade to the latest version:

59

60

  # emerge --sync

61

  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"

62

63

References

64

==========

65

66

[  1 ] CVE-2017-11640

67

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640

68

[  2 ] CVE-2017-11724

69

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724

70

[  3 ] CVE-2017-12140

71

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140

72

[  4 ] CVE-2017-12418

73

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418

74

[  5 ] CVE-2017-12427

75

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427

76

[  6 ] CVE-2017-12691

77

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691

78

[  7 ] CVE-2017-12692

79

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692

80

[  8 ] CVE-2017-12693

81

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693

82

[  9 ] CVE-2017-12876

83

       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876

84

[ 10 ] CVE-2017-12877

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201711-07
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: ImageMagick: Multiple vulnerabilities
9	Date: November 11, 2017
10	Bugs: #626454, #626906, #627036, #628192, #628490, #628646,
11	#628650, #628700, #628702, #629354, #629482, #629576,
12	#629932, #630256, #630458, #630674, #635200, #635664, #635666
13	ID: 201711-07
14
15	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
16
17	Synopsis
18	========
19
20	Multiple vulnerabilities have been found in ImageMagick, the worst of
21	which may allow remote attackers to cause a Denial of Service
22	condition.
23
24	Background
25	==========
26
27	A collection of tools and libraries for many image formats.
28
29	Affected packages
30	=================
31
32	-------------------------------------------------------------------
33	Package / Vulnerable / Unaffected
34	-------------------------------------------------------------------
35	1 media-gfx/imagemagick < 6.9.9.20 >= 6.9.9.20
36
37	Description
38	===========
39
40	Multiple vulnerabilities have been discovered in ImageMagick. Please
41	review the referenced CVE identifiers for details.
42
43	Impact
44	======
45
46	Remote attackers, by enticing a user to process a specially crafted
47	file, could obtain sensitive information, cause a Denial of Service
48	condition, or have other unspecified impacts.
49
50	Workaround
51	==========
52
53	There is no known workaround at this time.
54
55	Resolution
56	==========
57
58	All ImageMagick users should upgrade to the latest version:
59
60	# emerge --sync
61	# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"
62
63	References
64	==========
65
66	[ 1 ] CVE-2017-11640
67	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640
68	[ 2 ] CVE-2017-11724
69	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724
70	[ 3 ] CVE-2017-12140
71	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140
72	[ 4 ] CVE-2017-12418
73	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418
74	[ 5 ] CVE-2017-12427
75	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427
76	[ 6 ] CVE-2017-12691
77	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691
78	[ 7 ] CVE-2017-12692
79	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692
80	[ 8 ] CVE-2017-12693
81	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693
82	[ 9 ] CVE-2017-12876
83	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876
84	[ 10 ] CVE-2017-12877