[ GLSA 201711-07 ] ImageMagick: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201711-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ImageMagick: Multiple vulnerabilities
Date: November 11, 2017
Bugs: #626454, #626906, #627036, #628192, #628490, #628646,
#628650, #628700, #628702, #629354, #629482, #629576,
#629932, #630256, #630458, #630674, #635200, #635664, #635666
ID: 201711-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in ImageMagick, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

A collection of tools and libraries for many image formats.

Affected packages
=================

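-------------------------------------------------------------------
     Package              /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  media-gfx/imagemagick      < 6.9.9.20           >= 6.9.9.20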

Description
===========

Multiple vulnerabilities have been discovered in ImageMagick. Please
review the referenced CVE identifiers for details.

Impact
======

Remote attackers, by enticing a user to process a specially crafted
file, could obtain sensitive information, cause a Denial of Service
condition, or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ImageMagick users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"
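
An added example, not part of the Gentoo advisory: a POSIX shell check that flags inventory entries still below the fixed version in the table above, comparing each version component numerically. The host names and the "host version" inventory format are constructed, and treating upstream-style `6.9.9-19` as Gentoo's `6.9.9.19` is an assumption of this example.

```shell
#!/bin/sh
# Added example: find hosts whose ImageMagick predates the GLSA 201711-07 fix.
FIXED="6.9.9.20"   # first unaffected media-gfx/imagemagick version per the advisory

# Map upstream "6.9.9-19" and Gentoo "-rN" revisions to a plain dotted version
# (assumed mapping for this example).
normalize() {
    printf '%s\n' "$1" | sed -e 's/-r[0-9]*$//' -e 's/-/./g'
}

# Return 0 if dotted version $1 is strictly lower than $2.
# Components are compared as integers, so 6.9.9.7 < 6.9.9.20
# (a plain string comparison would get this wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Read "host version" lines on stdin; print hosts that are still affected.
affected_hosts() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if version_lt "$(normalize "$ver")" "$FIXED"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed sample inventory (hypothetical hosts, not from the advisory).
sample_inventory() {
    cat <<'EOF'
web01 6.9.9.7
web02 6.9.9.20
build01 6.9.9-19
img01 6.9.10.2-r1
old01 6.9.8.10
EOF
}

sample_inventory | affected_hosts
```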

References
==========

[ 1 ] CVE-2017-11640
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640
[ 2 ] CVE-2017-11724
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724
[ 3 ] CVE-2017-12140
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140
[ 4 ] CVE-2017-12418
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418
[ 5 ] CVE-2017-12427
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427
[ 6 ] CVE-2017-12691
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691
[ 7 ] CVE-2017-12692
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692
[ 8 ] CVE-2017-12693
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693
[ 9 ] CVE-2017-12876
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876
[ 10 ] CVE-2017-12877
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12877
[ 11 ] CVE-2017-12983
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983
[ 12 ] CVE-2017-13058
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058
[ 13 ] CVE-2017-13059
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059
[ 14 ] CVE-2017-13060
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060
[ 15 ] CVE-2017-13061
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061
[ 16 ] CVE-2017-13062
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062
[ 17 ] CVE-2017-13131
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131
[ 18 ] CVE-2017-13132
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132
[ 19 ] CVE-2017-13133
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133
[ 20 ] CVE-2017-13134
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134
[ 21 ] CVE-2017-13139
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139
[ 22 ] CVE-2017-13140
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140
[ 23 ] CVE-2017-13141
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141
[ 24 ] CVE-2017-13142
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142
[ 25 ] CVE-2017-13143
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143
[ 26 ] CVE-2017-13144
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144
[ 27 ] CVE-2017-13145
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145
[ 28 ] CVE-2017-13146
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146
[ 29 ] CVE-2017-13758
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13758
[ 30 ] CVE-2017-13768
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13768
[ 31 ] CVE-2017-13769
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13769
[ 32 ] CVE-2017-14060
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14060
[ 33 ] CVE-2017-14137
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137
[ 34 ] CVE-2017-14138
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138
[ 35 ] CVE-2017-14139
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139
[ 36 ] CVE-2017-14172
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14172
[ 37 ] CVE-2017-14173
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14173
[ 38 ] CVE-2017-14174
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14174
[ 39 ] CVE-2017-14175
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14175
[ 40 ] CVE-2017-14224
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14224
[ 41 ] CVE-2017-14248
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14248
[ 42 ] CVE-2017-14249
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14249
[ 43 ] CVE-2017-15281
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201711-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
