-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1142
           ImageMagick security, bug fix, and enhancement update
                               1 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ImageMagick
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19949 CVE-2019-19948 CVE-2019-17541
                   CVE-2019-17540 CVE-2019-16713 CVE-2019-16712
                   CVE-2019-16711 CVE-2019-16710 CVE-2019-16709
                   CVE-2019-16708 CVE-2019-15141 CVE-2019-15140
                   CVE-2019-15139 CVE-2019-14981 CVE-2019-14980
                   CVE-2019-13454 CVE-2019-13311 CVE-2019-13310
                   CVE-2019-13309 CVE-2019-13307 CVE-2019-13306
                   CVE-2019-13305 CVE-2019-13304 CVE-2019-13301
                   CVE-2019-13300 CVE-2019-13297 CVE-2019-13295
                   CVE-2019-13135 CVE-2019-13134 CVE-2019-13133
                   CVE-2019-12979 CVE-2019-12978 CVE-2019-12976
                   CVE-2019-12975 CVE-2019-12974 CVE-2019-11598
                   CVE-2019-11597 CVE-2019-11472 CVE-2019-11470
                   CVE-2019-10650 CVE-2019-10131 CVE-2019-9956
                   CVE-2019-7398 CVE-2019-7397 CVE-2019-7175
                   CVE-2018-20467 CVE-2018-18544 CVE-2018-16750
                   CVE-2018-16749 CVE-2018-16328 CVE-2018-15607
                   CVE-2018-14437 CVE-2018-14436 CVE-2018-14435
                   CVE-2018-14434 CVE-2018-13153 CVE-2018-12600
                   CVE-2018-12599 CVE-2018-11656 CVE-2018-10805
                   CVE-2018-10804 CVE-2018-10177 CVE-2018-9133
                   CVE-2018-8804 CVE-2017-1000476 CVE-2017-18273
                   CVE-2017-18271 CVE-2017-18254 CVE-2017-18252
                   CVE-2017-18251 CVE-2017-12806 CVE-2017-12805
                   CVE-2017-11166  

Reference:         ESB-2020.0576
                   ESB-2020.0367
                   ESB-2020.0023
                   ESB-2019.4598

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:1180

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ImageMagick security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:1180-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1180
Issue date:        2020-03-31
CVE Names:         CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 
                   CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 
                   CVE-2017-18271 CVE-2017-18273 CVE-2017-1000476 
                   CVE-2018-8804 CVE-2018-9133 CVE-2018-10177 
                   CVE-2018-10804 CVE-2018-10805 CVE-2018-11656 
                   CVE-2018-12599 CVE-2018-12600 CVE-2018-13153 
                   CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 
                   CVE-2018-14437 CVE-2018-15607 CVE-2018-16328 
                   CVE-2018-16749 CVE-2018-16750 CVE-2018-18544 
                   CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 
                   CVE-2019-7398 CVE-2019-9956 CVE-2019-10131 
                   CVE-2019-10650 CVE-2019-11470 CVE-2019-11472 
                   CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 
                   CVE-2019-12975 CVE-2019-12976 CVE-2019-12978 
                   CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 
                   CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 
                   CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 
                   CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 
                   CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 
                   CVE-2019-13454 CVE-2019-14980 CVE-2019-14981 
                   CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 
                   CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 
                   CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 
                   CVE-2019-17540 CVE-2019-17541 CVE-2019-19948 
                   CVE-2019-19949 
=====================================================================

1. Summary:

An update for ImageMagick, autotrace, emacs, and inkscape is now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

The following packages have been upgraded to a later upstream version:
ImageMagick (6.9.10.68). (BZ#1764595)

Security Fix(es):

* ImageMagick: multiple security vulnerabilities (CVE-2018-12599,
CVE-2018-12600, CVE-2019-9956, CVE-2019-11597, CVE-2019-11598,
CVE-2019-12974, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135,
CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301,
CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307,
CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-17540,
CVE-2019-17541, CVE-2019-19948, CVE-2017-11166, CVE-2017-12805,
CVE-2017-12806, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254,
CVE-2017-18271, CVE-2017-18273, CVE-2017-1000476, CVE-2018-8804,
CVE-2018-9133, CVE-2018-10177, CVE-2018-10804, CVE-2018-10805,
CVE-2018-11656, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435,
CVE-2018-14436, CVE-2018-14437, CVE-2018-15607, CVE-2018-16328,
CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-20467,
CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-10131,
CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-12975,
CVE-2019-12976, CVE-2019-13133, CVE-2019-13134, CVE-2019-13309,
CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-14980,
CVE-2019-14981, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710,
CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-19949)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1532845 - CVE-2017-1000476 ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c
1559892 - CVE-2018-8804 ImageMagick: double free in WriteEPTImage function in coders/ept.c
1561741 - CVE-2017-18251 ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c
1561742 - CVE-2017-18252 ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c
1561744 - CVE-2017-18254 ImageMagick: memory leak in WriteGIFImage function in coders/gif.c
1563875 - CVE-2018-9133 ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c
1572044 - CVE-2018-10177 ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file
1577398 - CVE-2018-10805 ImageMagick: Memory leak in ReadYCBCRImage
1577399 - CVE-2018-10804 ImageMagick: Memory leak in WriteTIFFImage
1581486 - CVE-2017-18271 ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c
1581489 - CVE-2017-18273 ImageMagick: infinite loop ReadTXTImage  in function in coders/txt.c
1588170 - CVE-2018-11656 ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c
1594338 - CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c
1594339 - CVE-2018-12600 ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c
1598471 - CVE-2018-13153 ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c
1609933 - CVE-2018-14434 ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c
1609936 - CVE-2018-14435 ImageMagick: memory leak in DecodeImage in coders/pcd.c
1609939 - CVE-2018-14436 ImageMagick: memory leak in ReadMIFFImage in coders/miff.c
1609942 - CVE-2018-14437 ImageMagick: memory leak in parse8BIM in coders/meta.c
1622738 - CVE-2018-15607 ImageMagick: CPU Exhaustion via crafted input file
1624955 - CVE-2018-16328 ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c
1627916 - CVE-2018-16749 ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c
1627917 - CVE-2018-16750 ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
1642614 - CVE-2018-18544 ImageMagick: memory leak in WriteMSLImage of coders/msl.c
1664845 - CVE-2018-20467 ImageMagick: infinite loop in coders/bmp.c
1672560 - CVE-2019-7398 ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
1672564 - CVE-2019-7397 ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
1687436 - CVE-2019-7175 imagemagick: memory leak in function DecodeImage in coders/pcd.c
1692300 - CVE-2019-9956 imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c
1700755 - CVE-2019-10650 ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
1704762 - CVE-2019-10131 ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c
1705406 - CVE-2019-11597 ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure
1705414 - CVE-2019-11598 ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure
1707768 - CVE-2019-11472 ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component
1707770 - CVE-2019-11470 ImageMagick: denial of service in cineon parsing component
1708517 - CVE-2017-12806 ImageMagick: memory exhaustion in function format8BIM causing denial of service
1708521 - CVE-2017-12805 ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service
1726078 - CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c
1726081 - CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c
1726104 - CVE-2019-13135 ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS
1728474 - CVE-2019-13454 ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c
1730329 - CVE-2019-13311 ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error
1730333 - CVE-2019-13310 ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c
1730337 - CVE-2019-13309 ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages
1730351 - CVE-2019-13307 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows
1730357 - CVE-2019-13306 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors
1730361 - CVE-2019-13305 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error
1730364 - CVE-2019-13304 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment
1730575 - CVE-2019-13301 ImageMagick: memory leaks in AcquireMagickMemory
1730580 - CVE-2019-13300 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns
1730596 - CVE-2019-13297 ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled
1730604 - CVE-2019-13295 ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled
1732278 - CVE-2019-12974 imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service
1732282 - CVE-2019-12975 imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c
1732284 - CVE-2019-12976 imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c
1732292 - CVE-2019-12978 imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c
1732294 - CVE-2019-12979 imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c
1743658 - [config/type-ghostscript.xml.in] using outdated hardcoded paths for (URW)++ fonts
1757779 - CVE-2019-14980 ImageMagick: use-after-free in magick/blob.c resulting in a denial of service
1757911 - CVE-2019-14981 ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c
1764595 - Rebase to ImageMagick 6.9
1765205 - Rebuild autotrace due to ImageMagick rebase
1765208 - Rebuild emacs due to ImageMagick rebase
1765211 - Rebuild inkscape due to ImageMagick rebase
1765330 - CVE-2019-17540 ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c
1767087 - CVE-2019-17541 ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c
1767802 - CVE-2019-15141 ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c
1767812 - CVE-2019-15139 ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c
1767828 - CVE-2019-15140 ImageMagick: Use after free in ReadMATImage in coders/mat.c
1772643 - CVE-2017-11166 ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c
1792480 - CVE-2019-19949 ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c
1793177 - CVE-2019-19948 ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c
1801661 - CVE-2019-16709 ImageMagick: memory leak in coders/dps.c
1801665 - CVE-2019-16708 ImageMagick: memory leak in magick/xwindow.c
1801667 - CVE-2019-16710 ImageMagick: memory leak in coders/dot.c
1801673 - CVE-2019-16711 ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c
1801674 - CVE-2019-16712 ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c
1801681 - CVE-2019-16713 ImageMagick: memory leak in coders/dot.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
ImageMagick-6.9.10.68-3.el7.src.rpm
emacs-24.3-23.el7.src.rpm
inkscape-0.92.2-3.el7.src.rpm

noarch:
emacs-filesystem-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-6.9.10.68-3.el7.i686.rpm
ImageMagick-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-c++-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
emacs-24.3-23.el7.x86_64.rpm
emacs-common-24.3-23.el7.x86_64.rpm
emacs-debuginfo-24.3-23.el7.x86_64.rpm
emacs-nox-24.3-23.el7.x86_64.rpm
inkscape-0.92.2-3.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
autotrace-0.31.1-38.el7.src.rpm

noarch:
emacs-el-24.3-23.el7.noarch.rpm
emacs-terminal-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm
autotrace-0.31.1-38.el7.i686.rpm
autotrace-0.31.1-38.el7.x86_64.rpm
autotrace-debuginfo-0.31.1-38.el7.i686.rpm
autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm
autotrace-devel-0.31.1-38.el7.i686.rpm
autotrace-devel-0.31.1-38.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm
inkscape-docs-0.92.2-3.el7.x86_64.rpm
inkscape-view-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
emacs-24.3-23.el7.src.rpm

noarch:
emacs-filesystem-24.3-23.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
ImageMagick-6.9.10.68-3.el7.src.rpm
autotrace-0.31.1-38.el7.src.rpm
inkscape-0.92.2-3.el7.src.rpm

noarch:
emacs-el-24.3-23.el7.noarch.rpm
emacs-terminal-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-6.9.10.68-3.el7.i686.rpm
ImageMagick-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-c++-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm
autotrace-0.31.1-38.el7.i686.rpm
autotrace-0.31.1-38.el7.x86_64.rpm
autotrace-debuginfo-0.31.1-38.el7.i686.rpm
autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm
autotrace-devel-0.31.1-38.el7.i686.rpm
autotrace-devel-0.31.1-38.el7.x86_64.rpm
emacs-24.3-23.el7.x86_64.rpm
emacs-common-24.3-23.el7.x86_64.rpm
emacs-debuginfo-24.3-23.el7.x86_64.rpm
emacs-nox-24.3-23.el7.x86_64.rpm
inkscape-0.92.2-3.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm
inkscape-docs-0.92.2-3.el7.x86_64.rpm
inkscape-view-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ImageMagick-6.9.10.68-3.el7.src.rpm
emacs-24.3-23.el7.src.rpm
inkscape-0.92.2-3.el7.src.rpm

noarch:
emacs-filesystem-24.3-23.el7.noarch.rpm

ppc64:
ImageMagick-6.9.10.68-3.el7.ppc.rpm
ImageMagick-6.9.10.68-3.el7.ppc64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.ppc.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64.rpm
ImageMagick-perl-6.9.10.68-3.el7.ppc64.rpm
emacs-24.3-23.el7.ppc64.rpm
emacs-common-24.3-23.el7.ppc64.rpm
emacs-debuginfo-24.3-23.el7.ppc64.rpm
emacs-nox-24.3-23.el7.ppc64.rpm

ppc64le:
ImageMagick-6.9.10.68-3.el7.ppc64le.rpm
ImageMagick-c++-6.9.10.68-3.el7.ppc64le.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64le.rpm
ImageMagick-perl-6.9.10.68-3.el7.ppc64le.rpm
emacs-24.3-23.el7.ppc64le.rpm
emacs-common-24.3-23.el7.ppc64le.rpm
emacs-debuginfo-24.3-23.el7.ppc64le.rpm
emacs-nox-24.3-23.el7.ppc64le.rpm
inkscape-0.92.2-3.el7.ppc64le.rpm
inkscape-debuginfo-0.92.2-3.el7.ppc64le.rpm

s390x:
ImageMagick-6.9.10.68-3.el7.s390.rpm
ImageMagick-6.9.10.68-3.el7.s390x.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.s390.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.s390x.rpm
ImageMagick-perl-6.9.10.68-3.el7.s390x.rpm
emacs-24.3-23.el7.s390x.rpm
emacs-common-24.3-23.el7.s390x.rpm
emacs-debuginfo-24.3-23.el7.s390x.rpm
emacs-nox-24.3-23.el7.s390x.rpm

x86_64:
ImageMagick-6.9.10.68-3.el7.i686.rpm
ImageMagick-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-c++-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm
emacs-24.3-23.el7.x86_64.rpm
emacs-common-24.3-23.el7.x86_64.rpm
emacs-debuginfo-24.3-23.el7.x86_64.rpm
emacs-nox-24.3-23.el7.x86_64.rpm
inkscape-0.92.2-3.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
autotrace-0.31.1-38.el7.src.rpm
inkscape-0.92.2-3.el7.src.rpm

noarch:
emacs-el-24.3-23.el7.noarch.rpm
emacs-terminal-24.3-23.el7.noarch.rpm

ppc64:
ImageMagick-c++-6.9.10.68-3.el7.ppc.rpm
ImageMagick-c++-6.9.10.68-3.el7.ppc64.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.ppc.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.ppc64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.ppc.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64.rpm
ImageMagick-devel-6.9.10.68-3.el7.ppc.rpm
ImageMagick-devel-6.9.10.68-3.el7.ppc64.rpm
ImageMagick-doc-6.9.10.68-3.el7.ppc64.rpm
autotrace-0.31.1-38.el7.ppc.rpm
autotrace-0.31.1-38.el7.ppc64.rpm
autotrace-debuginfo-0.31.1-38.el7.ppc.rpm
autotrace-debuginfo-0.31.1-38.el7.ppc64.rpm
autotrace-devel-0.31.1-38.el7.ppc.rpm
autotrace-devel-0.31.1-38.el7.ppc64.rpm
inkscape-0.92.2-3.el7.ppc64.rpm
inkscape-debuginfo-0.92.2-3.el7.ppc64.rpm
inkscape-docs-0.92.2-3.el7.ppc64.rpm
inkscape-view-0.92.2-3.el7.ppc64.rpm

ppc64le:
ImageMagick-c++-devel-6.9.10.68-3.el7.ppc64le.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64le.rpm
ImageMagick-devel-6.9.10.68-3.el7.ppc64le.rpm
ImageMagick-doc-6.9.10.68-3.el7.ppc64le.rpm
autotrace-0.31.1-38.el7.ppc64le.rpm
autotrace-debuginfo-0.31.1-38.el7.ppc64le.rpm
autotrace-devel-0.31.1-38.el7.ppc64le.rpm
inkscape-debuginfo-0.92.2-3.el7.ppc64le.rpm
inkscape-docs-0.92.2-3.el7.ppc64le.rpm
inkscape-view-0.92.2-3.el7.ppc64le.rpm

s390x:
ImageMagick-c++-6.9.10.68-3.el7.s390.rpm
ImageMagick-c++-6.9.10.68-3.el7.s390x.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.s390.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.s390x.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.s390.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.s390x.rpm
ImageMagick-devel-6.9.10.68-3.el7.s390.rpm
ImageMagick-devel-6.9.10.68-3.el7.s390x.rpm
ImageMagick-doc-6.9.10.68-3.el7.s390x.rpm
autotrace-0.31.1-38.el7.s390.rpm
autotrace-0.31.1-38.el7.s390x.rpm
autotrace-debuginfo-0.31.1-38.el7.s390.rpm
autotrace-debuginfo-0.31.1-38.el7.s390x.rpm
autotrace-devel-0.31.1-38.el7.s390.rpm
autotrace-devel-0.31.1-38.el7.s390x.rpm
inkscape-0.92.2-3.el7.s390x.rpm
inkscape-debuginfo-0.92.2-3.el7.s390x.rpm
inkscape-docs-0.92.2-3.el7.s390x.rpm
inkscape-view-0.92.2-3.el7.s390x.rpm

x86_64:
ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm
autotrace-0.31.1-38.el7.i686.rpm
autotrace-0.31.1-38.el7.x86_64.rpm
autotrace-debuginfo-0.31.1-38.el7.i686.rpm
autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm
autotrace-devel-0.31.1-38.el7.i686.rpm
autotrace-devel-0.31.1-38.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm
inkscape-docs-0.92.2-3.el7.x86_64.rpm
inkscape-view-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ImageMagick-6.9.10.68-3.el7.src.rpm
emacs-24.3-23.el7.src.rpm
inkscape-0.92.2-3.el7.src.rpm

noarch:
emacs-filesystem-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-6.9.10.68-3.el7.i686.rpm
ImageMagick-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-c++-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm
emacs-24.3-23.el7.x86_64.rpm
emacs-common-24.3-23.el7.x86_64.rpm
emacs-debuginfo-24.3-23.el7.x86_64.rpm
emacs-nox-24.3-23.el7.x86_64.rpm
inkscape-0.92.2-3.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

Source:
autotrace-0.31.1-38.el7.src.rpm

noarch:
emacs-el-24.3-23.el7.noarch.rpm
emacs-terminal-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm
autotrace-0.31.1-38.el7.i686.rpm
autotrace-0.31.1-38.el7.x86_64.rpm
autotrace-debuginfo-0.31.1-38.el7.i686.rpm
autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm
autotrace-devel-0.31.1-38.el7.i686.rpm
autotrace-devel-0.31.1-38.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm
inkscape-docs-0.92.2-3.el7.x86_64.rpm
inkscape-view-0.92.2-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-11166
https://access.redhat.com/security/cve/CVE-2017-12805
https://access.redhat.com/security/cve/CVE-2017-12806
https://access.redhat.com/security/cve/CVE-2017-18251
https://access.redhat.com/security/cve/CVE-2017-18252
https://access.redhat.com/security/cve/CVE-2017-18254
https://access.redhat.com/security/cve/CVE-2017-18271
https://access.redhat.com/security/cve/CVE-2017-18273
https://access.redhat.com/security/cve/CVE-2017-1000476
https://access.redhat.com/security/cve/CVE-2018-8804
https://access.redhat.com/security/cve/CVE-2018-9133
https://access.redhat.com/security/cve/CVE-2018-10177
https://access.redhat.com/security/cve/CVE-2018-10804
https://access.redhat.com/security/cve/CVE-2018-10805
https://access.redhat.com/security/cve/CVE-2018-11656
https://access.redhat.com/security/cve/CVE-2018-12599
https://access.redhat.com/security/cve/CVE-2018-12600
https://access.redhat.com/security/cve/CVE-2018-13153
https://access.redhat.com/security/cve/CVE-2018-14434
https://access.redhat.com/security/cve/CVE-2018-14435
https://access.redhat.com/security/cve/CVE-2018-14436
https://access.redhat.com/security/cve/CVE-2018-14437
https://access.redhat.com/security/cve/CVE-2018-15607
https://access.redhat.com/security/cve/CVE-2018-16328
https://access.redhat.com/security/cve/CVE-2018-16749
https://access.redhat.com/security/cve/CVE-2018-16750
https://access.redhat.com/security/cve/CVE-2018-18544
https://access.redhat.com/security/cve/CVE-2018-20467
https://access.redhat.com/security/cve/CVE-2019-7175
https://access.redhat.com/security/cve/CVE-2019-7397
https://access.redhat.com/security/cve/CVE-2019-7398
https://access.redhat.com/security/cve/CVE-2019-9956
https://access.redhat.com/security/cve/CVE-2019-10131
https://access.redhat.com/security/cve/CVE-2019-10650
https://access.redhat.com/security/cve/CVE-2019-11470
https://access.redhat.com/security/cve/CVE-2019-11472
https://access.redhat.com/security/cve/CVE-2019-11597
https://access.redhat.com/security/cve/CVE-2019-11598
https://access.redhat.com/security/cve/CVE-2019-12974
https://access.redhat.com/security/cve/CVE-2019-12975
https://access.redhat.com/security/cve/CVE-2019-12976
https://access.redhat.com/security/cve/CVE-2019-12978
https://access.redhat.com/security/cve/CVE-2019-12979
https://access.redhat.com/security/cve/CVE-2019-13133
https://access.redhat.com/security/cve/CVE-2019-13134
https://access.redhat.com/security/cve/CVE-2019-13135
https://access.redhat.com/security/cve/CVE-2019-13295
https://access.redhat.com/security/cve/CVE-2019-13297
https://access.redhat.com/security/cve/CVE-2019-13300
https://access.redhat.com/security/cve/CVE-2019-13301
https://access.redhat.com/security/cve/CVE-2019-13304
https://access.redhat.com/security/cve/CVE-2019-13305
https://access.redhat.com/security/cve/CVE-2019-13306
https://access.redhat.com/security/cve/CVE-2019-13307
https://access.redhat.com/security/cve/CVE-2019-13309
https://access.redhat.com/security/cve/CVE-2019-13310
https://access.redhat.com/security/cve/CVE-2019-13311
https://access.redhat.com/security/cve/CVE-2019-13454
https://access.redhat.com/security/cve/CVE-2019-14980
https://access.redhat.com/security/cve/CVE-2019-14981
https://access.redhat.com/security/cve/CVE-2019-15139
https://access.redhat.com/security/cve/CVE-2019-15140
https://access.redhat.com/security/cve/CVE-2019-15141
https://access.redhat.com/security/cve/CVE-2019-16708
https://access.redhat.com/security/cve/CVE-2019-16709
https://access.redhat.com/security/cve/CVE-2019-16710
https://access.redhat.com/security/cve/CVE-2019-16711
https://access.redhat.com/security/cve/CVE-2019-16712
https://access.redhat.com/security/cve/CVE-2019-16713
https://access.redhat.com/security/cve/CVE-2019-17540
https://access.redhat.com/security/cve/CVE-2019-17541
https://access.redhat.com/security/cve/CVE-2019-19948
https://access.redhat.com/security/cve/CVE-2019-19949
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXoOdPNzjgjWX9erEAQgkQw/+LM7Z3kk7JCZaRbvATwBJ9nULIP3sW5W8
tdrJ2sHqjn2kapTfN/uSMSLDtXkJVWsd3HTQ7+c4A4S+oFip+kaf6HonJyrfrxGO
YwJzklVQ6EcU4Latz40D5C11t0g9YfVqQM+udwylzqNpSQ3xxvfRpYB5qe2HAxXP
K2lh/8lU//Xl4+o4waZ3DBV3YljAvEB6a6Mh8KOIgyi+zDFJ4xH/gvlYC2FhzAuG
JFLHJSKAvt+MZFsq4IqdSCB6YgJnTj4tLKNxVSFgx/rKl4psO3zovrX8v6HWIe3M
F2+XZwRv8JDb1nZm3TcirSj9NCSdSQBKR8vkAU/DOBjGDlA7adEIjxLR1bUPjrsD
IZ7aZAEuFWZjVIGizBBdM0y13ER1ikVsNrLf1CzWMifCSqi/7U2j0hzCXefF6vxN
kkrw0jYn0N0neE74iwTjBQvm8wkSRs6VJcmjfna50szdI3JqNwneo11ag+YQXxYh
HwtZKadHCaml11i2Ir+dwkANVrO/Omz8G8iszL3PGVN4P7loxDNLjxr3XIe4FLHQ
BtxxF3LFkfdL2Aq/8L+xewLddMy9th/DJDMRwGZJpkDzumLuK7G6djxNTTa00buh
3HI45kryC4odYuZKNyzjB+8aCKVPROp03mBberA2ej0+ZEFVO/wWTl2490o3V8ji
GT9NXw7ciKE=
=Ca7e
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXoQz/GaOgq3Tt24GAQhCbg/+Kdp5UqcZlzp27kV6Oo/xZOyxRVR0MrS0
b5ul2HnzwEPAtPi2bDl+G5LxC66QBJxdeg11mEkU6gu4jYyfpXbu1yMQvqPSg5uh
0fg4X9UzyZfdjppvvyz6w+265Mi9dIr5yHTF3JEdoyJfHr881ZJddR48ZhTkTB6w
16lrlnY5FvTf4L+cpU1bWTgbWPls4Q7fdArHim8xxAXT0v8NLOgbXV67Br9WnDnR
1Gig59vt8hI6YGPJbUUhz8YsndWUT0j3MZWc2yeM/XTPezbJHUg8RK02pETyhsDd
YAWx/ohernM8mfiNiHKakDm7s1ftcVmZ3GQHfbj91IvuFJnBLIlhjohGwnq5j3tH
/squg24DqaErj5+KZeaPv0i+WZBpNLeaLfWE9YuxLOml5wDFnxwpO0PqAayodWln
EloAVlexgzivXgdjlBNtHFWNxdcSG2hHBc+3qpqhkpCvS25BDADLslmQDqK+Sdku
nh/94e1+HZ/E30zEaQC/IChFAmjcWYD/pi36Bfar1xHDmnJ5h/nVoX9RR5CrFrJJ
mVody5wl4FUPW/M0f0Aq27WObApr3ImFFhSk9k5CZdfCNoXQSUGX25UkVGkj+0Xl
pfA1JnXeimptKU/YrPJEvdYe7h7r9+Njc42b1d6/hOqjLjAcmZP5CnFwiJgTWdN9
lYPY9qfGhek=
=b6o5
-----END PGP SIGNATURE-----