Login
Newsletter
Werbung

Sicherheit: Denial of Service in php-pecl-imagick
Aktuelle Meldungen Distributionen
Name: Denial of Service in php-pecl-imagick
ID: FEDORA-2019-488d0f9a4b
Distribution: Fedora
Plattformen: Fedora 30
Datum: Do, 16. Mai 2019, 07:25
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11037
Applikationen: php-pecl-imagick

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2019-488d0f9a4b
2019-05-16 00:50:34.138662
-------------------------------------------------------------------------------
-

Name : php-pecl-imagick
Product : Fedora 30
Version : 3.4.4
Release : 1.fc30
URL : http://pecl.php.net/package/imagick
Summary : Provides a wrapper to the ImageMagick library
Description :
imagick is a native php extension to create and modify images using the
ImageMagick API.

-------------------------------------------------------------------------------
-
Update Information:

**Version 3.4.4** - The 3.4.4 release is intended to be the last release
(other
than small bug fixes) that will support either PHP 5.x, or ImageMagick 6.x. The
next planned release will be PHP > 7.0 and ImageMagick > 7.0 at least, if
not
higher. - **Added:** * function Imagick::optimizeImageTransparency() *
METRIC_STRUCTURAL_SIMILARITY_ERROR * METRIC_STRUCTURAL_DISSIMILARITY_ERROR
* COMPRESSION_ZSTD - https://github.com/facebook/zstd * COMPRESSION_WEBP
* CHANNEL_COMPOSITE_MASK * FILTER_CUBIC_SPLINE - "Define the lobes with
the
-define filter:lobes={2,3,4} (reference https://imagemagick.org/discourse-
server/viewtopic.php?f=2&t=32506)." * Imagick now explicitly
conflicts with
the Gmagick extension. - **Fixes:** * Correct version check to make
RemoveAlphaChannel and FlattenAlphaChannel be available when using Imagick with
ImageMagick version 6.7.8-x * Bug 77128 -
Imagick::setImageInterpolateMethod() not available on Windows * Prevent
memory leak when ImagickPixel::__construct called after object instantiation.
* Prevent segfault when ImagickPixel internal constructor not called. *
Imagick::setResourceLimit support for values larger than 2GB (2^31) on 32bit
platforms. * Corrected memory overwrite in
Imagick::colorDecisionListImage()
* Bug 77791 - ImagickKernel::fromMatrix() out of bounds write. -
**Deprecated:**
* The following functions have been deprecated: - ImagickDraw, matte
- Imagick::averageimages - Imagick::colorfloodfillimage -
Imagick::filter - Imagick::flattenimages -
Imagick::getimageattribute - Imagick::getimagechannelextrema -
Imagick::getimageclipmask - Imagick::getimageextrema -
Imagick::getimageindex - Imagick::getimagematte -
Imagick::getimagemattecolor - Imagick::getimagesize -
Imagick::mapimage - Imagick::mattefloodfillimage -
Imagick::medianfilterimage - Imagick::mosaicimages -
Imagick::orderedposterizeimage - Imagick::paintfloodfillimage -
Imagick::paintopaqueimage - Imagick::painttransparentimage -
Imagick::radialblurimage - Imagick::recolorimage -
Imagick::reducenoiseimage - Imagick::roundcornersimage -
Imagick::roundcorners - Imagick::setimageattribute -
Imagick::setimagebias - Imagick::setimageclipmask -
Imagick::setimageindex - Imagick::setimagemattecolor -
Imagick::setimagebiasquantum - Imagick::setimageopacity -
Imagick::transformimage
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue May 7 2019 Remi Collet <remi@remirepo.net> - 3.4.4-1
- update to 3.4.4
- drop patch merged upstream
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1708570 - CVE-2019-11037 php-imagick: out-of-bounds write to
memory in ImagickKernel::fromMatrix() leading to possible crash and DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1708570
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-488d0f9a4b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung