===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.2249
graphicsmagick security update
3 August 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:          graphicsmagick
Publisher:        Debian
Operating System: Debian GNU/Linux 8
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                  Denial of Service               -- Remote/Unauthenticated
                  Access Confidential Data        -- Remote/Unauthenticated
Resolution:       Patch/Upgrade
CVE Names:        CVE-2018-9018 CVE-2018-6799 CVE-2018-5685
                  CVE-2017-18231 CVE-2017-18229 CVE-2017-18220
                  CVE-2017-18219 CVE-2017-16545 CVE-2017-16352
                  CVE-2017-15930 CVE-2017-14997 CVE-2017-14994
                  CVE-2017-14504 CVE-2017-13776 CVE-2017-13775
                  CVE-2017-13737 CVE-2017-12935 CVE-2017-11642
                  CVE-2017-11641 CVE-2017-11637 CVE-2017-11403
                  CVE-2017-11140 CVE-2017-11102 CVE-2017-9098
                  CVE-2017-6335 CVE-2017-1823 CVE-2017-1654
                  CVE-2017-1527 CVE-2017-1377 CVE-2017-1293
                  CVE-2017-1163 CVE-2016-5239
Reference:        ESB-2018.1883 ESB-2018.1828 ESB-2018.1787
                  ESB-2018.1748 ESB-2018.1671 ESB-2018.1542
                  ASB-2017.0219 ESB-2018.2183.2

Original Bulletin:
   https://security-tracker.debian.org/tracker/DLA-1456-1

--------------------------BEGIN INCLUDED TEXT--------------------

Package    : graphicsmagick
Version    : 1.3.20-3+deb8u4
CVE ID     : CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102
             CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638
             CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936
             CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777
             CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277
             CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547
             CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230
             CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018
Debian Bug : 867746 870153 870154 870156 870155 872576 872575 878511
             878578 862967 879999

Various vulnerabilities were discovered in graphicsmagick, a collection of image processing tools and associated libraries, resulting in denial of service, information disclosure, and a variety of buffer overflows and overreads.

For Debian 8 "Jessie", these problems have been fixed in version 1.3.20-3+deb8u4.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

   https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================