Sigurnosni nedostaci programskog paketa imagemagick

Preporuke

by - 1. srpnja 2020.0

Detalji os-a: WN7
Važnost: IMP
Operativni sustavi: L
Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4712-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 30, 2020 https://www.debian.org/security/faq
– ————————————————————————-

Package : imagemagick
CVE ID : CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397
CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472
CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975
CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979
CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297
CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305
CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311
CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140
CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713
CVE-2019-19948 CVE-2019-19949

This update fixes multiple vulnerabilities in Imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.

For the stable distribution (buster), these problems have been fixed in
version 8:6.9.10.23+dfsg-2.1+deb10u1.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl77hl8ACgkQEMKTtsN8
TjbwshAAp1/JOlprOZfp6+HCFH4cYbIOGwnDlZVn/tIS4KUZCyD0hHpOXzdohze9
ZyLHYw1uym5+Rile6M8tDAFjkwH/ePvsXi5NDJVgNM9MFZWcP+6Ai/3yCe8ZlaHS
Ji652NRQJG3PVwJp3rMVeKJsP0s7JCXxnHQC/5q9vmOLmuKDmLHbl6IMFLmkk3Ey
5IIeyjefq9Kg5CGKh0fFMm1irrUtdVoye+n3M+dPIob6aEq/spdD1iSR7Il5w6Mp
JDB9iqzGnV8gDPWwD6admujoku7kjn6Vorg9Ov/u/1cS0OFCFXXZtoWP3TSHISqH
tAnlnixHuHS7iV6DdDnzkbqJsA8GfsYskcrQ9sD8z2FueEDRchB++suKnayxNtSn
cndJPkbT8CxRdOBgEE+QJNuSsrxAM5aSEdEcQal4FgYP8WLWhsOPu3JAU1+8YLFW
PK7UMuWMh0B/scC79e3rhwrg8DvU0yFpxdRkDcznpz5NJ2hYBdcNXpnKaTOQNNgP
JfNgsn+0t7Yc2XA4Q6jmHJNOKOM4LMiOVI1LRe/6RuGNx94XJMeYw2MOmybM7xbo
s4KtXMXUUL8A0JLLHPHRUu09nerEoTXwDuJ+6lS82vEMT+XpWejcZRcw0RA5Rsud
Q4cHKw+PdAVHN32b8DfQ2uNVgZ9SZcNq24BrqCyihfNLdSxYSYg=
=dz+2
—–END PGP SIGNATURE—–

Autor	Vlatka Misic
Cert id	NCERT-REF-2020-07-0001-ADV
Cve	CERT-CVE-DUMMY
ID izvornika	CERT-ORIGID-DUMMY
Proizvod	CERT-DUMMY-PRODUCT
Izvor	Adobe

Sigurnosni nedostaci programskog paketa imagemagick

Archives

More in Preporuke

Sigurnosni nedostaci programskog paketa lynis