Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0338 graphicsmagick security update 30 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: graphicsmagick Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Impact/Access: Access Confidential Data -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-19953 CVE-2019-19951 CVE-2019-19950 Original Bulletin: https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html https://security-tracker.debian.org/tracker/DLA-2084-1 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : graphicsmagick Version : 1.3.20-3+deb8u8 CVE ID : CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 Three issues have been found in graphicsmagick, a collection of image processing tools. They are basically a heap-based buffer over-read, heap-based buffer overflow and a use-after-free in different functions. For Debian 8 "Jessie", these problems have been fixed in version 1.3.20-3+deb8u8. We recommend that you upgrade your graphicsmagick packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4x/VpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdRDA/+NiMgriWaqlMml37foJxRQSD1R4kFnY2JdEBgHGO2UqKoRHHoX0T5xkss zvlRk7/3APhB6qqOQVeGLqKvAc0MhIXShbWIpGjmt575LebnJduBgohks8YiDeai Mm0g1PzzsxUmZUN+HV7NcGzXeiIcymGPFHSGJ8Ya/LFxS540iqrjkh/AOR4vF3e7 FdVIxXk9Wi93pvuHL7JSiU6g+T62YRLBXOgJgMXGkU1uFZMscXqw1ys/Z/wsLXjq L8Bp/usT/vKW+XmU8Fu8A4+U86LZQbsfZFj1B2vuVXF5Beajd5OiG9WDGZG2wnbj iljpoSFniUydGPDfOPk48zmCsIv1337YlmusJ5qkYfqy0Zs4+qaQSCZccoBCvhRZ xBrq3MXfK2WrYYICqKNLZawBtFo9Pz9v6GAVCnlsISMld207JsUToAjBsMWlCy0O WvGnRr5rhR6nTuC93lLhOVaZSfzdgvw1HaLdXxSl24DUAoNGE3XP8bVkp/CR/IrI HyMel6XyjGZDSX+MAwUcLvZO4HJZuLrbuYSrgNoj9cyax8evor08pSaRy3ImRAmR MZ1Yg/p4d1KB7aM0N5vO7a25rHx5ewIclePbeM5hT/WeHiOnEjDaCHaB7Gm/J8bq oM/dWNneU0YLaMXB3Q5HnnHvXb6So9mXHTLsaAgHXOkOcuGtPyU= =MqDJ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXjIun2aOgq3Tt24GAQg9uhAAtMNYLEXntfbglfhm5vlpGqSEML1/i3am 4j1kYq9IbhrGs9SLxZhVJqeRZv6KXClB9GGW43rFt0SK+qBtu7NLq4Xl5mg4rC3s 5ziUPl/JbEW0DtPvXsZ708jIQ0jVoxoFW146NdVMPc4owq8AEj0gBnwy8RlWIOTg tyt1zA1iS1ehSi42/N4QpSCj7o22gPh/MC4sKJgMWzKLAwMfTi4oqq77diATA0WZ 4vLYKtxTRB/3s5DfPUCLJuq0nBrJ4VSUs99+9Zh6tVZysJ6TOUkvYOPFXtRJeICG cavVGW1IO6Yq10qt8A32oRU/P9XFcE+IqLmufiWkexOZxAbhkQDdIgEXEek7PIQD DA/ss/PbZlLWGi8CXTQp+R0/E0rltMFSAUthpoW45/VEyh3+1zbb+4DRWT5Mch8g VylgaKkyenk8uWhMdsYFsWBrcjPLTWYgXVygne3kCEom6inZMKBG7CSq7pVwDydC XNbXg03ym7HVGBwDbtVVyggvB8lzGiXKkbGvAO8PdN75V52RVqlzRK6ZLCX55DH9 fA2boL4tgWUy45pjizG5hlPweFddFOXZvcvMelfR46iejMVKk8wcoonGo4LH8VGP lTY8XNt5ECC2TG5Cf4HJ5kDhNCSr+B8ZlUS4ECo5dWGFQqFWgsT+bIrmWXASbfNe UjJrcsnCkTI= =3bVO -----END PGP SIGNATURE-----