Lucene search

DebianDEBIAN:DSA-2462-2:3EE8E

HistoryMay 03, 2012 - 9:53 p.m.

[SECURITY] [DSA 2462-2] imagemagick regression update

2012-05-0321:53:43

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.067 Low

EPSS

Percentile

93.9%

JSON

Debian Security Advisory DSA-2462-2 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
May 3, 2012 http://www.debian.org/security/faq

Package : imagemagick
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186
CVE-2012-1610 CVE-2012-1798

The initial update introduced a regression, which could lead to errors
when processing some JPEG files.

For the stable distribution (squeeze), this problem has been fixed in
version 6.6.0.4-3+squeeze3.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6sparcimagemagick-dbg< 8:6.6.0.4-3+squeeze3imagemagick-dbg_8:6.6.0.4-3+squeeze3_sparc.deb
Debian6s390libmagickcore3< 8:6.6.0.4-3+squeeze3libmagickcore3_8:6.6.0.4-3+squeeze3_s390.deb
Debian6amd64libmagickcore3-extra< 8:6.6.0.4-3+squeeze3libmagickcore3-extra_8:6.6.0.4-3+squeeze3_amd64.deb
Debian6sparclibmagick++3< 8:6.6.0.4-3+squeeze3libmagick++3_8:6.6.0.4-3+squeeze3_sparc.deb
Debian6kfreebsd-amd64libmagickwand3< 8:6.6.0.4-3+squeeze3libmagickwand3_8:6.6.0.4-3+squeeze3_kfreebsd-amd64.deb
Debian6amd64libmagickcore-dev< 8:6.6.0.4-3+squeeze3libmagickcore-dev_8:6.6.0.4-3+squeeze3_amd64.deb
Debian6kfreebsd-i386libmagickwand3< 8:6.6.0.4-3+squeeze3libmagickwand3_8:6.6.0.4-3+squeeze3_kfreebsd-i386.deb
Debian6mipsperlmagick< 8:6.6.0.4-3+squeeze3perlmagick_8:6.6.0.4-3+squeeze3_mips.deb
Debian6kfreebsd-amd64libmagickwand-dev< 8:6.6.0.4-3+squeeze3libmagickwand-dev_8:6.6.0.4-3+squeeze3_kfreebsd-amd64.deb
Debian6ia64libmagickwand3< 8:6.6.0.4-3+squeeze3libmagickwand3_8:6.6.0.4-3+squeeze3_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	sparc	imagemagick-dbg	< 8:6.6.0.4-3+squeeze3	imagemagick-dbg_8:6.6.0.4-3+squeeze3_sparc.deb
Debian	6	s390	libmagickcore3	< 8:6.6.0.4-3+squeeze3	libmagickcore3_8:6.6.0.4-3+squeeze3_s390.deb
Debian	6	amd64	libmagickcore3-extra	< 8:6.6.0.4-3+squeeze3	libmagickcore3-extra_8:6.6.0.4-3+squeeze3_amd64.deb
Debian	6	sparc	libmagick++3	< 8:6.6.0.4-3+squeeze3	libmagick++3_8:6.6.0.4-3+squeeze3_sparc.deb
Debian	6	kfreebsd-amd64	libmagickwand3	< 8:6.6.0.4-3+squeeze3	libmagickwand3_8:6.6.0.4-3+squeeze3_kfreebsd-amd64.deb
Debian	6	amd64	libmagickcore-dev	< 8:6.6.0.4-3+squeeze3	libmagickcore-dev_8:6.6.0.4-3+squeeze3_amd64.deb
Debian	6	kfreebsd-i386	libmagickwand3	< 8:6.6.0.4-3+squeeze3	libmagickwand3_8:6.6.0.4-3+squeeze3_kfreebsd-i386.deb
Debian	6	mips	perlmagick	< 8:6.6.0.4-3+squeeze3	perlmagick_8:6.6.0.4-3+squeeze3_mips.deb
Debian	6	kfreebsd-amd64	libmagickwand-dev	< 8:6.6.0.4-3+squeeze3	libmagickwand-dev_8:6.6.0.4-3+squeeze3_kfreebsd-amd64.deb
Debian	6	ia64	libmagickwand3	< 8:6.6.0.4-3+squeeze3	libmagickwand3_8:6.6.0.4-3+squeeze3_ia64.deb