Security: Multiple issues in rubygem-rmagick
Name: Multiple issues in rubygem-rmagick
ID: FEDORA-2017-8f27031c8f
Distribution: Fedora
Platforms: Fedora 26
Date: Wed, 20 September 2017, 07:08
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7516
https://bugzilla.redhat.com/show_bug.cgi?id=1479313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11640
https://bugzilla.redhat.com/show_bug.cgi?id=1410515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7515
https://bugzilla.redhat.com/show_bug.cgi?id=1299275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6823
Applications: rubygem-rmagick

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-8f27031c8f
2017-09-19 02:41:35.415951
--------------------------------------------------------------------------------

Name : rubygem-rmagick
Product : Fedora 26
Version : 2.16.0
Release : 4.fc26.2
URL : https://github.com/rmagick/rmagick
Summary : Ruby binding to ImageMagick
Description :
RMagick is an interface between Ruby and ImageMagick.

--------------------------------------------------------------------------------
Update Information:

Many security fixes, bug fixes, and other changes from the previous version
6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).
Dependent packages are mostly straight rebuilds, a couple also include bugfix
version updates.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1471837 - CVE-2017-11352 ImageMagick: Improper EOF handling in
coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1471837
[ 2 ] Bug #1471122 - CVE-2017-10995 ImageMagick: Out-of-bounds heap read in
mng_get_long function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1471122
[ 3 ] Bug #1470670 - CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage
function when processing TGA or VST file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1470670
[ 4 ] Bug #1465064 - CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352
ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1465064
[ 5 ] Bug #1455602 - CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144
ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1455602
[ 6 ] Bug #1453125 - CVE-2017-9098 ImageMagick: use of uninitialized memory
in RLE decoder [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1453125
[ 7 ] Bug #1413898 - CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1413898
[ 8 ] Bug #1408404 - CVE-2016-8707 ImageMagick: OOB write in convert utility
when deflating TIFF files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1408404
[ 9 ] Bug #1483575 - CVE-2017-12587 ImageMagick: Resource exhaustion in
ReadPWPImage function in coders\pwp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1483575
[ 10 ] Bug #1299275 - ImageMagick-7.0.6-9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1299275
[ 11 ] Bug #1483132 - CVE-2017-12433 CVE-2017-12434 CVE-2017-12435
ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1483132
[ 12 ] Bug #1483117 - CVE-2017-12640 CVE-2017-12641 CVE-2017-12642
CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1483117
[ 13 ] Bug #1482655 - CVE-2017-12427 CVE-2017-12428 CVE-2017-12429
CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1482655
[ 14 ] Bug #1482626 - CVE-2017-12418 ImageMagick: Memory leaks in the
parse8BIMW and format8BIM functions in coders/meta.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1482626
[ 15 ] Bug #1350462 - CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1350462
[ 16 ] Bug #1361494 - CVE-2016-6491 ImageMagick: Out-of-bounds read in
CopyMagickMemory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1361494
[ 17 ] Bug #1378790 - CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959
CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1378790
[ 18 ] Bug #1361578 - CVE-2016-5010 ImageMagick: Out-of-bounds read when
processing crafted tiff file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1361578
[ 19 ] Bug #1477566 - CVE-2017-12140 ImageMagick: integer signedness error in
ReadDCMImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1477566
[ 20 ] Bug #1477070 - CVE-2017-11724 CVE-2017-11750 CVE-2017-11751
CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1477070
[ 21 ] Bug #1475486 - CVE-2017-11644 ImageMagick: Memory-Leak in
ReadMATImage() coders/mat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475486
[ 22 ] Bug #1475471 - CVE-2017-11639 ImageMagick: heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475471
[ 23 ] Bug #1475464 - CVE-2017-11640 ImageMagick: NULL pointer dereference in
WritePTIFImage() in coders/tiff.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475464
[ 24 ] Bug #1474846 - CVE-2017-11523 ImageMagick: Endless loop in
ReadTXTImage function in coders/txt.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1474846
[ 25 ] Bug #1474420 - CVE-2017-11446 CVE-2017-11478 ImageMagick: various
flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1474420
[ 26 ] Bug #1473848 - CVE-2017-11360 ImageMagick: Resource exhaustion in
ReadRLEImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473848
[ 27 ] Bug #1473825 - CVE-2017-11188 ImageMagick: Resource exhaustion in
ReadDPXImage function in coders\dpx.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473825
[ 28 ] Bug #1473802 - CVE-2017-11448 ImageMagick: Info leak from
uninitialized memory in ReadJPEGImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473802
[ 29 ] Bug #1473799 - CVE-2017-11447 ImageMagick: Memory leak in
ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473799
[ 30 ] Bug #1473797 - CVE-2017-11449 ImageMagick: coders/mpc.c don't
validate blob sizes of stdin image input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473797
[ 31 ] Bug #1473775 - CVE-2017-11450 ImageMagick: Too short JPEG data causes
denial of service in coders/jpeg.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473775
[ 32 ] Bug #1473758 - CVE-2017-11141 ImageMagick: Memory exhaustion in
ReadMATImage function in coders\mat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473758
[ 33 ] Bug #1473719 - CVE-2017-10928 ImageMagick: heap-based buffer over-read
in the GetNextToken function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473719
[ 34 ] Bug #1410515 - ImageMagick: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1410515
[ 35 ] Bug #1479313 - synfigstudio doesn't start
https://bugzilla.redhat.com/show_bug.cgi?id=1479313
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade rubygem-rmagick' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------