Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2290
imagemagick security update
3 July 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: imagemagick
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-19948 CVE-2019-15140 CVE-2019-13307
CVE-2019-13306 CVE-2019-13304 CVE-2019-13300
Reference: ESB-2020.2252
ESB-2020.1142
ESB-2020.0576
ESB-2020.0023
ESB-2019.3155
Original Bulletin:
http://www.debian.org/security/2020/dsa-4715
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4715-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 02, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : imagemagick
CVE ID : CVE-2019-13300 CVE-2019-13304 CVE-2019-13306 CVE-2019-13307
CVE-2019-15140 CVE-2019-19948
This update fixes multiple vulnerabilities in Imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.
For the oldstable distribution (stretch), these problems have been fixed
in version 8:6.9.7.4+dfsg-11+deb9u8.
We recommend that you upgrade your imagemagick packages.
For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7+KI0ACgkQEMKTtsN8
TjYf6BAAuE+XSVJzQMenV4PJvbbDAoMP1p23VpHP9W2i7yxf1zF+KC9ouNWlQDue
eX8cg2NqbN2mnvk7deCK3Ngxlx+oMYXl9eiCF2cjbdXeFoK8E4F/15slSn1bMb6z
C6hrrpqE1Omx0kefUhBSSQ2C+RLowvPJjpTqlnYe10GygRUMMpRVS+aO5HjLZQVb
8cLvlLiWUCRKU0nsosLh3cvFz/OsW7PJ+uU7SJJQkfrwJiKi00JjDW+LFYlag/CH
VAt4opWfN1gZW/sBxGbA77qB+r1MFyfBU3d9yi4mWRl7HyS34LFL87Xl8lKkj5sN
/g4afp92UQHB4G82JvFgqJcup+zvHUK8KNcQN76fowchaugoTxg8xZsuJB5zun1j
YKfFc1JJwwa3PBjFktz0iRJYE2PpvfccX2TdtyLPMSqIvfN3oifG2Wl/rsI6hLkn
vAnaGuDuFY6HqVytNmQ5vZ0nOEPMz2OX0H1fGZzcIQrL1fO0wmPldLZulGiPbVr4
s4o1o/UlL8fgepA4eGFwzQmhie3ZR9PtNPMcfKLDv1ZS7kZA6Q3pwj89fWKmV8Cc
GrdtByzLz//cBxhPNbdXYNr4KXEMCd1+fIY+etIEJ5z+PsFCJkG2nSbScjSdBJpq
3pDqW5w2mphOszZo5U3pe49r0wq0spoiTWOOqulgk9k0iWSU57w=
=fL5E
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXv6lpuNLKJtyKPYoAQitLhAAjYN9gRB51pGD86/PTyjR2JpqGN6w8EhF
ThcOQF9esN2FqjARk1R/IbTTl9mBH2qQXoKMez1ZeX7LxkPhsbEzJAAbPg2izgTO
z2mdiXI68kMCliKRg/bkzlhFiGWn+0ayODvzRH/suhUxglBtkwa2KUA1m/YUNF4s
nYdn0WGajG6/8c/2riSlFDlhCzxPuytj2BbbF3/bej7arghGrrLNg2GhpfPMGUn+
ictk6+sZ8ThJ3t/GzZL9jz+SyA5QLp7nVNVQJt6BC04eN0R5izgFwRuMiou+WpuC
CekctY/ShoW1yqUf8HoymmNYo2oYVmlQd4KOao/i3x/zx86G8F98yo1V3+Lk1TVt
wflhZaxLp4vPrsn+Q6LW+VvoK7qArpGEix8XTO02Db1l6AjAW4HYyKoDkyDP65CV
EIusyAJUtSX1UnVXmNkaZf1c3fd1ZBx7AqoNPJ4kv+hpiPbR4gj5QdroxxlpvSap
uxN3Zgxibjf6WpqFxpFgx8S0frgH3xkFLiiXJ50/gcSBYbU5SA3vwWcQy2ubD9nF
snVwUqVujVDitqlgZDpDA4BKc1ntCAsTRS+6oi29Su3/1CVnVFzE7cgS0MdKzRpv
OUfd8WL1svhuvoOAGOHVJiznNBS+Kps/Bild2h4arux2a1Fw14T4Z6FlTAfPru7b
DWIltd/tRck=
=Rkla
-----END PGP SIGNATURE-----