Security: Multiple problems in ImageMagick

Name: Multiple problems in ImageMagick
ID: 201606-14
Distribution: Gentoo
Platforms: Not specified
Date: Sun, 26 June 2016, 16:44
References:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
http://www.openwall.com/lists/oss-security/2014/12/24/1
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
Applications: ImageMagick

Original message
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <2f815409-9973-1cdb-28b0-a32a72797423@gentoo.org>
Subject: [ GLSA 201606-14 ] ImageMagick: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201606-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: ImageMagick: Multiple vulnerabilities
     Date: June 26, 2016
     Bugs: #534106, #562892
       ID: 201606-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service.
Background
==========
Imagemagick is a collection of tools and libraries for many image formats.
Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-gfx/imagemagick      < 6.9.0.3                  >= 6.9.0.3

Description
===========
Multiple vulnerabilities have been discovered in ImageMagick including, but not limited to, various overflows and potential Denials of Service. Please visit the references and related bug reports for additional information.
Impact
======
Remote attackers could potentially perform buffer overflows or conduct Denials of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All ImageMagick users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.0.3"

References
==========

[ 1 ] Double free in coders/pict.c:2000
      https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
[ 2 ] Double free in coders/tga.c:221
      https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
[ 3 ] Imagemagick fuzzing bug
      http://www.openwall.com/lists/oss-security/2014/12/24/1
[ 4 ] Integer and Buffer overflow in coders/icon.c
      https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-14
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
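The "Affected packages" table above draws the boundary at 6.9.0.3. The shell functions below are an added example, not part of the GLSA or of Gentoo's tooling, that classify a version string against that boundary. The function names and the sample `Version:` line are constructed, and the code assumes that upstream's `6.9.0-3` numbering corresponds to Gentoo's `6.9.0.3`.

```shell
#!/bin/sh
# Added example, not part of GLSA 201606-14: classify an ImageMagick version
# against the advisory's "Affected packages" boundary.
FIXED="6.9.0.3"   # first unaffected version according to the advisory

# Pull the version token out of `convert -version` style output.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9.-]*\).*/\1/p' | head -n 1
}

# Map upstream "6.9.0-3" and Gentoo "6.9.0.3-r1" to plain dotted numbers.
# Assumption: the upstream patch level is Gentoo's fourth component.
normalize() {
    printf '%s\n' "$1" | sed -e 's/-r[0-9]*$//' -e 's/-/./g'
}

# version_lt A B: succeed when A < B, comparing components numerically.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# classify VERSION: print vulnerable, unaffected, or unknown.
classify() {
    v=$(normalize "$1")
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample of the first line printed by `convert -version`.
SAMPLE='Version: ImageMagick 6.8.9-9 Q16 x86_64 2015-01-01 http://www.imagemagick.org'
for ver in "$(extract_version "$SAMPLE")" 6.9.0.2-r1 6.9.0-3 6.9.0.10 7.0.1-1; do
    printf '%-12s %s\n' "$ver" "$(classify "$ver")"
done
```

Version strings with non-numeric suffixes are reported as `unknown` rather than guessed at, so they can be reviewed by hand.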