[SECURITY] [DLA 1394-1] imagemagick security update

2018-06-2618:02:15

lists.debian.org

130

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Package : imagemagick
Version : 8:6.8.9.9-5+deb8u13
CVE ID : CVE-2018-11251 CVE-2018-12599 CVE-2018-12600

Several security vulnerabilities were discovered in ImageMagick, an
image manipulation program, that allow remote attackers to cause denial
of service (application crash) or out of bounds memory access via
crafted SUN, BMP, or DIB image files.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u13.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9mips64elimagemagick-6.q16< 8:6.9.7.4+dfsg-11+deb9u5imagemagick-6.q16_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian9s390xlibmagick++-6.q16-dev< 8:6.9.7.4+dfsg-11+deb9u5libmagick++-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u5_s390x.deb
Debian9mips64ellibmagickwand-6.q16-3-dbgsym< 8:6.9.7.4+dfsg-11+deb9u5libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian9armellibimage-magick-q16-perl< 8:6.9.7.4+dfsg-11+deb9u5libimage-magick-q16-perl_8:6.9.7.4+dfsg-11+deb9u5_armel.deb
Debian9mipslibmagickcore-6.q16-3< 8:6.9.7.4+dfsg-11+deb9u5libmagickcore-6.q16-3_8:6.9.7.4+dfsg-11+deb9u5_mips.deb
Debian9amd64libmagickwand-6.q16-dev< 8:6.9.7.4+dfsg-11+deb9u5libmagickwand-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u5_amd64.deb
Debian9mips64ellibmagickwand-6.q16hdri-3< 8:6.9.7.4+dfsg-11+deb9u5libmagickwand-6.q16hdri-3_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian7amd64perlmagick< 8:6.7.7.10-5+deb7u22perlmagick_8:6.7.7.10-5+deb7u22_amd64.deb
Debian9mips64ellibimage-magick-q16hdri-perl-dbgsym< 8:6.9.7.4+dfsg-11+deb9u5libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian7armhflibmagick++5< 8:6.7.7.10-5+deb7u22libmagick++5_8:6.7.7.10-5+deb7u22_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips64el	imagemagick-6.q16	< 8:6.9.7.4+dfsg-11+deb9u5	imagemagick-6.q16_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian	9	s390x	libmagick++-6.q16-dev	< 8:6.9.7.4+dfsg-11+deb9u5	libmagick++-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u5_s390x.deb
Debian	9	mips64el	libmagickwand-6.q16-3-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u5	libmagickwand-6.q16-3-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian	9	armel	libimage-magick-q16-perl	< 8:6.9.7.4+dfsg-11+deb9u5	libimage-magick-q16-perl_8:6.9.7.4+dfsg-11+deb9u5_armel.deb
Debian	9	mips	libmagickcore-6.q16-3	< 8:6.9.7.4+dfsg-11+deb9u5	libmagickcore-6.q16-3_8:6.9.7.4+dfsg-11+deb9u5_mips.deb
Debian	9	amd64	libmagickwand-6.q16-dev	< 8:6.9.7.4+dfsg-11+deb9u5	libmagickwand-6.q16-dev_8:6.9.7.4+dfsg-11+deb9u5_amd64.deb
Debian	9	mips64el	libmagickwand-6.q16hdri-3	< 8:6.9.7.4+dfsg-11+deb9u5	libmagickwand-6.q16hdri-3_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian	7	amd64	perlmagick	< 8:6.7.7.10-5+deb7u22	perlmagick_8:6.7.7.10-5+deb7u22_amd64.deb
Debian	9	mips64el	libimage-magick-q16hdri-perl-dbgsym	< 8:6.9.7.4+dfsg-11+deb9u5	libimage-magick-q16hdri-perl-dbgsym_8:6.9.7.4+dfsg-11+deb9u5_mips64el.deb
Debian	7	armhf	libmagick++5	< 8:6.7.7.10-5+deb7u22	libmagick++5_8:6.7.7.10-5+deb7u22_armhf.deb