===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2041
                        imagemagick security update
                              26 August 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           imagemagick
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6491 CVE-2016-5842 CVE-2016-5841
                   CVE-2016-5691 CVE-2016-5690 CVE-2016-5689
                   CVE-2016-5688 CVE-2016-5687 CVE-2016-5010
                   CVE-2016-4564 CVE-2016-4563 CVE-2016-4562
Reference:         ESB-2016.1705

Original Bulletin:
   http://www.debian.org/security/2016/dsa-3652

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3652-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 25, 2016                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010
                 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690
                 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491
Debian Bugs    : 832885 832887 832888 832968 833003 832474 832475 832464
                 832465 832467 832457 832461 832469 832482 832483 832504
                 832633 832776 832780 832787 832789 823750 832455 832478
                 832480 832506 832785 832793 832942 832944 832890 833044
                 833043 833042 831034 833099 833101 827643 833812 833744
                 833743 833735 833732 833730 834183 834501 834163 834504

This update fixes many vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service or the execution of arbitrary code if
malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,
PDB, DDS, DCM, EXIF, RGF or BMP files are processed.

For the stable distribution (jessie), these problems have been fixed in
version 8:6.8.9.9-5+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================