===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2823
                        imagemagick security update
                              6 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           imagemagick
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13145 CVE-2017-13144 CVE-2017-13143
                   CVE-2017-13142 CVE-2017-13141 CVE-2017-13140
                   CVE-2017-13139 CVE-2017-12671 CVE-2017-12640
                   CVE-2017-12587 CVE-2017-12434 CVE-2017-12432
                   CVE-2017-12431 CVE-2017-12428 CVE-2017-11640
                   CVE-2017-11639 CVE-2017-11537 CVE-2017-11535
                   CVE-2017-11533 CVE-2017-11523 CVE-2017-11446
                   CVE-2017-9500

Reference:         ESB-2017.2697
                   ESB-2017.1769

Original Bulletin:
   http://www.debian.org/security/2017/dsa-4019

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4019-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 05, 2017                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533
                 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640
                 CVE-2017-12428 CVE-2017-12431 CVE-2017-12432 CVE-2017-12434
                 CVE-2017-12587 CVE-2017-12640 CVE-2017-12671 CVE-2017-13139
                 CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143
                 CVE-2017-13144 CVE-2017-13145
Debian Bug     : 870526 870491 870116 870111 870109 870106 870119 870105
                 870065 870014 869210 870067 870012 869834 869830 869827
                 868950 869728 869712 869715 869713 867778

This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or the execution of
arbitrary code if malformed image files are processed.

For the stable distribution (stretch), this problem has been fixed in
version 8:6.9.7.4+dfsg-11+deb9u2.

We recommend that you upgrade your imagemagick packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================