Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1142 ImageMagick security, bug fix, and enhancement update 1 April 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ImageMagick Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-19949 CVE-2019-19948 CVE-2019-17541 CVE-2019-17540 CVE-2019-16713 CVE-2019-16712 CVE-2019-16711 CVE-2019-16710 CVE-2019-16709 CVE-2019-16708 CVE-2019-15141 CVE-2019-15140 CVE-2019-15139 CVE-2019-14981 CVE-2019-14980 CVE-2019-13454 CVE-2019-13311 CVE-2019-13310 CVE-2019-13309 CVE-2019-13307 CVE-2019-13306 CVE-2019-13305 CVE-2019-13304 CVE-2019-13301 CVE-2019-13300 CVE-2019-13297 CVE-2019-13295 CVE-2019-13135 CVE-2019-13134 CVE-2019-13133 CVE-2019-12979 CVE-2019-12978 CVE-2019-12976 CVE-2019-12975 CVE-2019-12974 CVE-2019-11598 CVE-2019-11597 CVE-2019-11472 CVE-2019-11470 CVE-2019-10650 CVE-2019-10131 CVE-2019-9956 CVE-2019-7398 CVE-2019-7397 CVE-2019-7175 CVE-2018-20467 CVE-2018-18544 CVE-2018-16750 CVE-2018-16749 CVE-2018-16328 CVE-2018-15607 CVE-2018-14437 CVE-2018-14436 CVE-2018-14435 CVE-2018-14434 CVE-2018-13153 CVE-2018-12600 CVE-2018-12599 CVE-2018-11656 CVE-2018-10805 CVE-2018-10804 CVE-2018-10177 CVE-2018-9133 CVE-2018-8804 CVE-2017-1000476 CVE-2017-18273 CVE-2017-18271 CVE-2017-18254 CVE-2017-18252 CVE-2017-18251 CVE-2017-12806 CVE-2017-12805 CVE-2017-11166 Reference: ESB-2020.0576 ESB-2020.0367 ESB-2020.0023 ESB-2019.4598 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:1180 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ImageMagick security, bug fix, and enhancement update Advisory ID: RHSA-2020:1180-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1180 Issue date: 2020-03-31 CVE Names: CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2017-1000476 CVE-2018-8804 CVE-2018-9133 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11656 CVE-2018-12599 CVE-2018-12600 CVE-2018-13153 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-15607 CVE-2018-16328 CVE-2018-16749 CVE-2018-16750 CVE-2018-18544 CVE-2018-20467 CVE-2019-7175 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 CVE-2019-10131 CVE-2019-10650 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13454 CVE-2019-14980 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 CVE-2019-17540 CVE-2019-17541 CVE-2019-19948 CVE-2019-19949 ===================================================================== 1. Summary: An update for ImageMagick, autotrace, emacs, and inkscape is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. The following packages have been upgraded to a later upstream version: ImageMagick (6.9.10.68). (BZ#1764595) Security Fix(es): * ImageMagick: multiple security vulnerabilities (CVE-2018-12599, CVE-2018-12600, CVE-2019-9956, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-17540, CVE-2019-17541, CVE-2019-19948, CVE-2017-11166, CVE-2017-12805, CVE-2017-12806, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2017-1000476, CVE-2018-8804, CVE-2018-9133, CVE-2018-10177, CVE-2018-10804, CVE-2018-10805, CVE-2018-11656, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-15607, CVE-2018-16328, CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-20467, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-12975, CVE-2019-12976, CVE-2019-13133, CVE-2019-13134, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-14980, CVE-2019-14981, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-19949) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1532845 - CVE-2017-1000476 ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c 1559892 - CVE-2018-8804 ImageMagick: double free in WriteEPTImage function in coders/ept.c 1561741 - CVE-2017-18251 ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c 1561742 - CVE-2017-18252 ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c 1561744 - CVE-2017-18254 ImageMagick: memory leak in WriteGIFImage function in coders/gif.c 1563875 - CVE-2018-9133 ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c 1572044 - CVE-2018-10177 ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file 1577398 - CVE-2018-10805 ImageMagick: Memory leak in ReadYCBCRImage 1577399 - CVE-2018-10804 ImageMagick: Memory leak in WriteTIFFImage 1581486 - CVE-2017-18271 ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c 1581489 - CVE-2017-18273 ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c 1588170 - CVE-2018-11656 ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c 1594338 - CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c 1594339 - CVE-2018-12600 ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c 1598471 - CVE-2018-13153 ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c 1609933 - CVE-2018-14434 ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c 1609936 - CVE-2018-14435 ImageMagick: memory leak in DecodeImage in coders/pcd.c 1609939 - CVE-2018-14436 ImageMagick: memory leak in ReadMIFFImage in coders/miff.c 1609942 - CVE-2018-14437 ImageMagick: memory leak in parse8BIM in coders/meta.c 1622738 - CVE-2018-15607 ImageMagick: CPU Exhaustion via crafted input file 1624955 - CVE-2018-16328 ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c 1627916 - CVE-2018-16749 ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c 1627917 - CVE-2018-16750 ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c 1642614 - CVE-2018-18544 ImageMagick: memory leak in WriteMSLImage of coders/msl.c 1664845 - CVE-2018-20467 ImageMagick: infinite loop in coders/bmp.c 1672560 - CVE-2019-7398 ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c 1672564 - CVE-2019-7397 ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c 1687436 - CVE-2019-7175 imagemagick: memory leak in function DecodeImage in coders/pcd.c 1692300 - CVE-2019-9956 imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c 1700755 - CVE-2019-10650 ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file 1704762 - CVE-2019-10131 ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c 1705406 - CVE-2019-11597 ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure 1705414 - CVE-2019-11598 ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure 1707768 - CVE-2019-11472 ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component 1707770 - CVE-2019-11470 ImageMagick: denial of service in cineon parsing component 1708517 - CVE-2017-12806 ImageMagick: memory exhaustion in function format8BIM causing denial of service 1708521 - CVE-2017-12805 ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service 1726078 - CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c 1726081 - CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c 1726104 - CVE-2019-13135 ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS 1728474 - CVE-2019-13454 ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c 1730329 - CVE-2019-13311 ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error 1730333 - CVE-2019-13310 ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c 1730337 - CVE-2019-13309 ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages 1730351 - CVE-2019-13307 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows 1730357 - CVE-2019-13306 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors 1730361 - CVE-2019-13305 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error 1730364 - CVE-2019-13304 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment 1730575 - CVE-2019-13301 ImageMagick: memory leaks in AcquireMagickMemory 1730580 - CVE-2019-13300 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns 1730596 - CVE-2019-13297 ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled 1730604 - CVE-2019-13295 ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled 1732278 - CVE-2019-12974 imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service 1732282 - CVE-2019-12975 imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c 1732284 - CVE-2019-12976 imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c 1732292 - CVE-2019-12978 imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c 1732294 - CVE-2019-12979 imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c 1743658 - [config/type-ghostscript.xml.in] using outdated hardcoded paths for (URW)++ fonts 1757779 - CVE-2019-14980 ImageMagick: use-after-free in magick/blob.c resulting in a denial of service 1757911 - CVE-2019-14981 ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c 1764595 - Rebase to ImageMagick 6.9 1765205 - Rebuild autotrace due to ImageMagick rebase 1765208 - Rebuild emacs due to ImageMagick rebase 1765211 - Rebuild inkscape due to ImageMagick rebase 1765330 - CVE-2019-17540 ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c 1767087 - CVE-2019-17541 ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c 1767802 - CVE-2019-15141 ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c 1767812 - CVE-2019-15139 ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c 1767828 - CVE-2019-15140 ImageMagick: Use after free in ReadMATImage in coders/mat.c 1772643 - CVE-2017-11166 ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c 1792480 - CVE-2019-19949 ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c 1793177 - CVE-2019-19948 ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c 1801661 - CVE-2019-16709 ImageMagick: memory leak in coders/dps.c 1801665 - CVE-2019-16708 ImageMagick: memory leak in magick/xwindow.c 1801667 - CVE-2019-16710 ImageMagick: memory leak in coders/dot.c 1801673 - CVE-2019-16711 ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c 1801674 - CVE-2019-16712 ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c 1801681 - CVE-2019-16713 ImageMagick: memory leak in coders/dot.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ImageMagick-6.9.10.68-3.el7.src.rpm emacs-24.3-23.el7.src.rpm inkscape-0.92.2-3.el7.src.rpm noarch: emacs-filesystem-24.3-23.el7.noarch.rpm x86_64: ImageMagick-6.9.10.68-3.el7.i686.rpm ImageMagick-6.9.10.68-3.el7.x86_64.rpm ImageMagick-c++-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm emacs-24.3-23.el7.x86_64.rpm emacs-common-24.3-23.el7.x86_64.rpm emacs-debuginfo-24.3-23.el7.x86_64.rpm emacs-nox-24.3-23.el7.x86_64.rpm inkscape-0.92.2-3.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): Source: autotrace-0.31.1-38.el7.src.rpm noarch: emacs-el-24.3-23.el7.noarch.rpm emacs-terminal-24.3-23.el7.noarch.rpm x86_64: ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm ImageMagick-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm autotrace-0.31.1-38.el7.i686.rpm autotrace-0.31.1-38.el7.x86_64.rpm autotrace-debuginfo-0.31.1-38.el7.i686.rpm autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm autotrace-devel-0.31.1-38.el7.i686.rpm autotrace-devel-0.31.1-38.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm inkscape-docs-0.92.2-3.el7.x86_64.rpm inkscape-view-0.92.2-3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: emacs-24.3-23.el7.src.rpm noarch: emacs-filesystem-24.3-23.el7.noarch.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: ImageMagick-6.9.10.68-3.el7.src.rpm autotrace-0.31.1-38.el7.src.rpm inkscape-0.92.2-3.el7.src.rpm noarch: emacs-el-24.3-23.el7.noarch.rpm emacs-terminal-24.3-23.el7.noarch.rpm x86_64: ImageMagick-6.9.10.68-3.el7.i686.rpm ImageMagick-6.9.10.68-3.el7.x86_64.rpm ImageMagick-c++-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm ImageMagick-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm autotrace-0.31.1-38.el7.i686.rpm autotrace-0.31.1-38.el7.x86_64.rpm autotrace-debuginfo-0.31.1-38.el7.i686.rpm autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm autotrace-devel-0.31.1-38.el7.i686.rpm autotrace-devel-0.31.1-38.el7.x86_64.rpm emacs-24.3-23.el7.x86_64.rpm emacs-common-24.3-23.el7.x86_64.rpm emacs-debuginfo-24.3-23.el7.x86_64.rpm emacs-nox-24.3-23.el7.x86_64.rpm inkscape-0.92.2-3.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm inkscape-docs-0.92.2-3.el7.x86_64.rpm inkscape-view-0.92.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ImageMagick-6.9.10.68-3.el7.src.rpm emacs-24.3-23.el7.src.rpm inkscape-0.92.2-3.el7.src.rpm noarch: emacs-filesystem-24.3-23.el7.noarch.rpm ppc64: ImageMagick-6.9.10.68-3.el7.ppc.rpm ImageMagick-6.9.10.68-3.el7.ppc64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.ppc.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64.rpm ImageMagick-perl-6.9.10.68-3.el7.ppc64.rpm emacs-24.3-23.el7.ppc64.rpm emacs-common-24.3-23.el7.ppc64.rpm emacs-debuginfo-24.3-23.el7.ppc64.rpm emacs-nox-24.3-23.el7.ppc64.rpm ppc64le: ImageMagick-6.9.10.68-3.el7.ppc64le.rpm ImageMagick-c++-6.9.10.68-3.el7.ppc64le.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64le.rpm ImageMagick-perl-6.9.10.68-3.el7.ppc64le.rpm emacs-24.3-23.el7.ppc64le.rpm emacs-common-24.3-23.el7.ppc64le.rpm emacs-debuginfo-24.3-23.el7.ppc64le.rpm emacs-nox-24.3-23.el7.ppc64le.rpm inkscape-0.92.2-3.el7.ppc64le.rpm inkscape-debuginfo-0.92.2-3.el7.ppc64le.rpm s390x: ImageMagick-6.9.10.68-3.el7.s390.rpm ImageMagick-6.9.10.68-3.el7.s390x.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.s390.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.s390x.rpm ImageMagick-perl-6.9.10.68-3.el7.s390x.rpm emacs-24.3-23.el7.s390x.rpm emacs-common-24.3-23.el7.s390x.rpm emacs-debuginfo-24.3-23.el7.s390x.rpm emacs-nox-24.3-23.el7.s390x.rpm x86_64: ImageMagick-6.9.10.68-3.el7.i686.rpm ImageMagick-6.9.10.68-3.el7.x86_64.rpm ImageMagick-c++-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm emacs-24.3-23.el7.x86_64.rpm emacs-common-24.3-23.el7.x86_64.rpm emacs-debuginfo-24.3-23.el7.x86_64.rpm emacs-nox-24.3-23.el7.x86_64.rpm inkscape-0.92.2-3.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: autotrace-0.31.1-38.el7.src.rpm inkscape-0.92.2-3.el7.src.rpm noarch: emacs-el-24.3-23.el7.noarch.rpm emacs-terminal-24.3-23.el7.noarch.rpm ppc64: ImageMagick-c++-6.9.10.68-3.el7.ppc.rpm ImageMagick-c++-6.9.10.68-3.el7.ppc64.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.ppc.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.ppc64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.ppc.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64.rpm ImageMagick-devel-6.9.10.68-3.el7.ppc.rpm ImageMagick-devel-6.9.10.68-3.el7.ppc64.rpm ImageMagick-doc-6.9.10.68-3.el7.ppc64.rpm autotrace-0.31.1-38.el7.ppc.rpm autotrace-0.31.1-38.el7.ppc64.rpm autotrace-debuginfo-0.31.1-38.el7.ppc.rpm autotrace-debuginfo-0.31.1-38.el7.ppc64.rpm autotrace-devel-0.31.1-38.el7.ppc.rpm autotrace-devel-0.31.1-38.el7.ppc64.rpm inkscape-0.92.2-3.el7.ppc64.rpm inkscape-debuginfo-0.92.2-3.el7.ppc64.rpm inkscape-docs-0.92.2-3.el7.ppc64.rpm inkscape-view-0.92.2-3.el7.ppc64.rpm ppc64le: ImageMagick-c++-devel-6.9.10.68-3.el7.ppc64le.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.ppc64le.rpm ImageMagick-devel-6.9.10.68-3.el7.ppc64le.rpm ImageMagick-doc-6.9.10.68-3.el7.ppc64le.rpm autotrace-0.31.1-38.el7.ppc64le.rpm autotrace-debuginfo-0.31.1-38.el7.ppc64le.rpm autotrace-devel-0.31.1-38.el7.ppc64le.rpm inkscape-debuginfo-0.92.2-3.el7.ppc64le.rpm inkscape-docs-0.92.2-3.el7.ppc64le.rpm inkscape-view-0.92.2-3.el7.ppc64le.rpm s390x: ImageMagick-c++-6.9.10.68-3.el7.s390.rpm ImageMagick-c++-6.9.10.68-3.el7.s390x.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.s390.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.s390x.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.s390.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.s390x.rpm ImageMagick-devel-6.9.10.68-3.el7.s390.rpm ImageMagick-devel-6.9.10.68-3.el7.s390x.rpm ImageMagick-doc-6.9.10.68-3.el7.s390x.rpm autotrace-0.31.1-38.el7.s390.rpm autotrace-0.31.1-38.el7.s390x.rpm autotrace-debuginfo-0.31.1-38.el7.s390.rpm autotrace-debuginfo-0.31.1-38.el7.s390x.rpm autotrace-devel-0.31.1-38.el7.s390.rpm autotrace-devel-0.31.1-38.el7.s390x.rpm inkscape-0.92.2-3.el7.s390x.rpm inkscape-debuginfo-0.92.2-3.el7.s390x.rpm inkscape-docs-0.92.2-3.el7.s390x.rpm inkscape-view-0.92.2-3.el7.s390x.rpm x86_64: ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm ImageMagick-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm autotrace-0.31.1-38.el7.i686.rpm autotrace-0.31.1-38.el7.x86_64.rpm autotrace-debuginfo-0.31.1-38.el7.i686.rpm autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm autotrace-devel-0.31.1-38.el7.i686.rpm autotrace-devel-0.31.1-38.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm inkscape-docs-0.92.2-3.el7.x86_64.rpm inkscape-view-0.92.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ImageMagick-6.9.10.68-3.el7.src.rpm emacs-24.3-23.el7.src.rpm inkscape-0.92.2-3.el7.src.rpm noarch: emacs-filesystem-24.3-23.el7.noarch.rpm x86_64: ImageMagick-6.9.10.68-3.el7.i686.rpm ImageMagick-6.9.10.68-3.el7.x86_64.rpm ImageMagick-c++-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm emacs-24.3-23.el7.x86_64.rpm emacs-common-24.3-23.el7.x86_64.rpm emacs-debuginfo-24.3-23.el7.x86_64.rpm emacs-nox-24.3-23.el7.x86_64.rpm inkscape-0.92.2-3.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): Source: autotrace-0.31.1-38.el7.src.rpm noarch: emacs-el-24.3-23.el7.noarch.rpm emacs-terminal-24.3-23.el7.noarch.rpm x86_64: ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm ImageMagick-devel-6.9.10.68-3.el7.i686.rpm ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm autotrace-0.31.1-38.el7.i686.rpm autotrace-0.31.1-38.el7.x86_64.rpm autotrace-debuginfo-0.31.1-38.el7.i686.rpm autotrace-debuginfo-0.31.1-38.el7.x86_64.rpm autotrace-devel-0.31.1-38.el7.i686.rpm autotrace-devel-0.31.1-38.el7.x86_64.rpm inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm inkscape-docs-0.92.2-3.el7.x86_64.rpm inkscape-view-0.92.2-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-11166 https://access.redhat.com/security/cve/CVE-2017-12805 https://access.redhat.com/security/cve/CVE-2017-12806 https://access.redhat.com/security/cve/CVE-2017-18251 https://access.redhat.com/security/cve/CVE-2017-18252 https://access.redhat.com/security/cve/CVE-2017-18254 https://access.redhat.com/security/cve/CVE-2017-18271 https://access.redhat.com/security/cve/CVE-2017-18273 https://access.redhat.com/security/cve/CVE-2017-1000476 https://access.redhat.com/security/cve/CVE-2018-8804 https://access.redhat.com/security/cve/CVE-2018-9133 https://access.redhat.com/security/cve/CVE-2018-10177 https://access.redhat.com/security/cve/CVE-2018-10804 https://access.redhat.com/security/cve/CVE-2018-10805 https://access.redhat.com/security/cve/CVE-2018-11656 https://access.redhat.com/security/cve/CVE-2018-12599 https://access.redhat.com/security/cve/CVE-2018-12600 https://access.redhat.com/security/cve/CVE-2018-13153 https://access.redhat.com/security/cve/CVE-2018-14434 https://access.redhat.com/security/cve/CVE-2018-14435 https://access.redhat.com/security/cve/CVE-2018-14436 https://access.redhat.com/security/cve/CVE-2018-14437 https://access.redhat.com/security/cve/CVE-2018-15607 https://access.redhat.com/security/cve/CVE-2018-16328 https://access.redhat.com/security/cve/CVE-2018-16749 https://access.redhat.com/security/cve/CVE-2018-16750 https://access.redhat.com/security/cve/CVE-2018-18544 https://access.redhat.com/security/cve/CVE-2018-20467 https://access.redhat.com/security/cve/CVE-2019-7175 https://access.redhat.com/security/cve/CVE-2019-7397 https://access.redhat.com/security/cve/CVE-2019-7398 https://access.redhat.com/security/cve/CVE-2019-9956 https://access.redhat.com/security/cve/CVE-2019-10131 https://access.redhat.com/security/cve/CVE-2019-10650 https://access.redhat.com/security/cve/CVE-2019-11470 https://access.redhat.com/security/cve/CVE-2019-11472 https://access.redhat.com/security/cve/CVE-2019-11597 https://access.redhat.com/security/cve/CVE-2019-11598 https://access.redhat.com/security/cve/CVE-2019-12974 https://access.redhat.com/security/cve/CVE-2019-12975 https://access.redhat.com/security/cve/CVE-2019-12976 https://access.redhat.com/security/cve/CVE-2019-12978 https://access.redhat.com/security/cve/CVE-2019-12979 https://access.redhat.com/security/cve/CVE-2019-13133 https://access.redhat.com/security/cve/CVE-2019-13134 https://access.redhat.com/security/cve/CVE-2019-13135 https://access.redhat.com/security/cve/CVE-2019-13295 https://access.redhat.com/security/cve/CVE-2019-13297 https://access.redhat.com/security/cve/CVE-2019-13300 https://access.redhat.com/security/cve/CVE-2019-13301 https://access.redhat.com/security/cve/CVE-2019-13304 https://access.redhat.com/security/cve/CVE-2019-13305 https://access.redhat.com/security/cve/CVE-2019-13306 https://access.redhat.com/security/cve/CVE-2019-13307 https://access.redhat.com/security/cve/CVE-2019-13309 https://access.redhat.com/security/cve/CVE-2019-13310 https://access.redhat.com/security/cve/CVE-2019-13311 https://access.redhat.com/security/cve/CVE-2019-13454 https://access.redhat.com/security/cve/CVE-2019-14980 https://access.redhat.com/security/cve/CVE-2019-14981 https://access.redhat.com/security/cve/CVE-2019-15139 https://access.redhat.com/security/cve/CVE-2019-15140 https://access.redhat.com/security/cve/CVE-2019-15141 https://access.redhat.com/security/cve/CVE-2019-16708 https://access.redhat.com/security/cve/CVE-2019-16709 https://access.redhat.com/security/cve/CVE-2019-16710 https://access.redhat.com/security/cve/CVE-2019-16711 https://access.redhat.com/security/cve/CVE-2019-16712 https://access.redhat.com/security/cve/CVE-2019-16713 https://access.redhat.com/security/cve/CVE-2019-17540 https://access.redhat.com/security/cve/CVE-2019-17541 https://access.redhat.com/security/cve/CVE-2019-19948 https://access.redhat.com/security/cve/CVE-2019-19949 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoOdPNzjgjWX9erEAQgkQw/+LM7Z3kk7JCZaRbvATwBJ9nULIP3sW5W8 tdrJ2sHqjn2kapTfN/uSMSLDtXkJVWsd3HTQ7+c4A4S+oFip+kaf6HonJyrfrxGO YwJzklVQ6EcU4Latz40D5C11t0g9YfVqQM+udwylzqNpSQ3xxvfRpYB5qe2HAxXP K2lh/8lU//Xl4+o4waZ3DBV3YljAvEB6a6Mh8KOIgyi+zDFJ4xH/gvlYC2FhzAuG JFLHJSKAvt+MZFsq4IqdSCB6YgJnTj4tLKNxVSFgx/rKl4psO3zovrX8v6HWIe3M F2+XZwRv8JDb1nZm3TcirSj9NCSdSQBKR8vkAU/DOBjGDlA7adEIjxLR1bUPjrsD IZ7aZAEuFWZjVIGizBBdM0y13ER1ikVsNrLf1CzWMifCSqi/7U2j0hzCXefF6vxN kkrw0jYn0N0neE74iwTjBQvm8wkSRs6VJcmjfna50szdI3JqNwneo11ag+YQXxYh HwtZKadHCaml11i2Ir+dwkANVrO/Omz8G8iszL3PGVN4P7loxDNLjxr3XIe4FLHQ BtxxF3LFkfdL2Aq/8L+xewLddMy9th/DJDMRwGZJpkDzumLuK7G6djxNTTa00buh 3HI45kryC4odYuZKNyzjB+8aCKVPROp03mBberA2ej0+ZEFVO/wWTl2490o3V8ji GT9NXw7ciKE= =Ca7e - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXoQz/GaOgq3Tt24GAQhCbg/+Kdp5UqcZlzp27kV6Oo/xZOyxRVR0MrS0 b5ul2HnzwEPAtPi2bDl+G5LxC66QBJxdeg11mEkU6gu4jYyfpXbu1yMQvqPSg5uh 0fg4X9UzyZfdjppvvyz6w+265Mi9dIr5yHTF3JEdoyJfHr881ZJddR48ZhTkTB6w 16lrlnY5FvTf4L+cpU1bWTgbWPls4Q7fdArHim8xxAXT0v8NLOgbXV67Br9WnDnR 1Gig59vt8hI6YGPJbUUhz8YsndWUT0j3MZWc2yeM/XTPezbJHUg8RK02pETyhsDd YAWx/ohernM8mfiNiHKakDm7s1ftcVmZ3GQHfbj91IvuFJnBLIlhjohGwnq5j3tH /squg24DqaErj5+KZeaPv0i+WZBpNLeaLfWE9YuxLOml5wDFnxwpO0PqAayodWln EloAVlexgzivXgdjlBNtHFWNxdcSG2hHBc+3qpqhkpCvS25BDADLslmQDqK+Sdku nh/94e1+HZ/E30zEaQC/IChFAmjcWYD/pi36Bfar1xHDmnJ5h/nVoX9RR5CrFrJJ mVody5wl4FUPW/M0f0Aq27WObApr3ImFFhSk9k5CZdfCNoXQSUGX25UkVGkj+0Xl pfA1JnXeimptKU/YrPJEvdYe7h7r9+Njc42b1d6/hOqjLjAcmZP5CnFwiJgTWdN9 lYPY9qfGhek= =b6o5 -----END PGP SIGNATURE-----