ESB-2018.2052 - [Debian] imagemagick: Multiple vulnerabilities 2018-07-16


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2052
                        imagemagick security update
                               16 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           imagemagick
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12600 CVE-2018-12599 CVE-2018-11251
                   CVE-2018-5248  

Reference:         ESB-2018.1748
                   ESB-2018.1542
                   ESB-2018.0291
                   ESB-2018.0212

Original Bulletin: 
   https://www.debian.org/security/2018/dsa-4245

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4245-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2018                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2018-5248 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600

This update fixes several vulnerabilities in Imagemagick, a graphical
software suite. Various memory handling problems or incomplete input
sanitising could result in denial of service or the execution of
arbitrary code.
	       
For the stable distribution (stretch), these problems have been fixed in
version 8:6.9.7.4+dfsg-11+deb9u5.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
