-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3652-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff August 25, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 Debian Bugs : 832885 832887 832888 832968 833003 832474 832475 832464 832465 832467 832457 832461 832469 832482 832483 832504 832633 832776 832780 832787 832789 823750 832455 832478 832480 832506 832785 832793 832942 832944 832890 833044 833043 833042 831034 833099 833101 827643 833812 833744 833743 833735 833732 833730 834183 834501 834163 834504 This updates fixes many vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed. For the stable distribution (jessie), these problems have been fixed in version 8:6.8.9.9-5+deb8u4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your imagemagick packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXv1pNAAoJEBDCk7bDfE42cskP/0HsHR3ttFJ8rn8a7Mbwc8tu 359/a6zFrNVbBY29WbvtMlmJ4qY8J81OrkMHNVzXsUWlNgFOnNovuMGp2P+T+D8x 3MKZ1ZNUrhbylljknZw/Gp2nZYVWTQuYBZEmk3x/sFfEx3DsyViNltReXUXX87h2 8WAo0qGbAGzAyeQ19JJ/WDCKVM4e61O7TQkss4NY1f1u610j3lG1JzygYUATdcJw G9E/W2llw/H9owNK7CtV6y/sL8VfSf/KnYL3erl7M6CzyaJfMLVRaJzbolHlkmW6 oMZxkD3BQBSk1zf2S6LJSYjez6ipbSNpTUuE1U3LS/Yqu3gdQ96m9qhDJgXpLBcj mKDWekjH4Ep5gDS44AhxpvHu305j1/2mMl/9H3gzFe1MLKMQpSQRfPihd++apUmM XofTqtjl0L4OdFgHj2M9ZeYnNP0EJQ89Yuyq7fERslFj1ip5Tf4bEAO39kmoNghY 9DzSLKGlOyfBqyGahOaYSftuxkb3gmZqtho7bw0IGCifa3byuvij6ifmL4Y65q5G Xlck5nIzMGuTadIWFQqYY7w02VVFFtX9MD2FyBfaCgV6rKkr6Nq693kWFNatwcvs 1HamncspoVM5BvKdmvykzqDxplWvZ9KpAbdz+QqyXW9P2cy7y/oMGTtSGvddsE7e c7Kswhp7uQOl6KtfEJce =jZ5n -----END PGP SIGNATURE-----