Security: Denial of Service in php-pecl-imagick
Name: Denial of Service in php-pecl-imagick
ID: FEDORA-2019-9448fa46f3
Distribution: Fedora
Platforms: Fedora 28
Date: Thu, 16 May 2019, 07:24
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11037
Applications: php-pecl-imagick

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-9448fa46f3
2019-05-16 02:22:33.084296
--------------------------------------------------------------------------------

Name : php-pecl-imagick
Product : Fedora 28
Version : 3.4.4
Release : 1.fc28
URL : http://pecl.php.net/package/imagick
Summary : Provides a wrapper to the ImageMagick library
Description :
imagick is a native php extension to create and modify images using the
ImageMagick API.

--------------------------------------------------------------------------------
Update Information:

**Version 3.4.4**

- The 3.4.4 release is intended to be the last release (other than small bug
  fixes) that will support either PHP 5.x, or ImageMagick 6.x. The next planned
  release will be PHP > 7.0 and ImageMagick > 7.0 at least, if not higher.
- **Added:**
  * function Imagick::optimizeImageTransparency()
  * METRIC_STRUCTURAL_SIMILARITY_ERROR
  * METRIC_STRUCTURAL_DISSIMILARITY_ERROR
  * COMPRESSION_ZSTD - https://github.com/facebook/zstd
  * COMPRESSION_WEBP
  * CHANNEL_COMPOSITE_MASK
  * FILTER_CUBIC_SPLINE - "Define the lobes with the -define filter:lobes={2,3,4} (reference https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506)."
  * Imagick now explicitly conflicts with the Gmagick extension.
- **Fixes:**
  * Correct version check to make RemoveAlphaChannel and FlattenAlphaChannel be
    available when using Imagick with ImageMagick version 6.7.8-x
  * Bug 77128 - Imagick::setImageInterpolateMethod() not available on Windows
  * Prevent memory leak when ImagickPixel::__construct called after object
    instantiation.
  * Prevent segfault when ImagickPixel internal constructor not called.
  * Imagick::setResourceLimit support for values larger than 2GB (2^31) on 32bit
    platforms.
  * Corrected memory overwrite in Imagick::colorDecisionListImage()
  * Bug 77791 - ImagickKernel::fromMatrix() out of bounds write.
- **Deprecated:**
  * The following functions have been deprecated:
    - ImagickDraw, matte
    - Imagick::averageimages
    - Imagick::colorfloodfillimage
    - Imagick::filter
    - Imagick::flattenimages
    - Imagick::getimageattribute
    - Imagick::getimagechannelextrema
    - Imagick::getimageclipmask
    - Imagick::getimageextrema
    - Imagick::getimageindex
    - Imagick::getimagematte
    - Imagick::getimagemattecolor
    - Imagick::getimagesize
    - Imagick::mapimage
    - Imagick::mattefloodfillimage
    - Imagick::medianfilterimage
    - Imagick::mosaicimages
    - Imagick::orderedposterizeimage
    - Imagick::paintfloodfillimage
    - Imagick::paintopaqueimage
    - Imagick::painttransparentimage
    - Imagick::radialblurimage
    - Imagick::recolorimage
    - Imagick::reducenoiseimage
    - Imagick::roundcornersimage
    - Imagick::roundcorners
    - Imagick::setimageattribute
    - Imagick::setimagebias
    - Imagick::setimageclipmask
    - Imagick::setimageindex
    - Imagick::setimagemattecolor
    - Imagick::setimagebiasquantum
    - Imagick::setimageopacity
    - Imagick::transformimage
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2019 Remi Collet <remi@remirepo.net> - 3.4.4-1
- update to 3.4.4
- drop patch merged upstream
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1708570 - CVE-2019-11037 php-imagick: out-of-bounds write to
memory in ImagickKernel::fromMatrix() leading to possible crash and DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1708570
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-9448fa46f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------