#8365: ImageMagick-6.9.5-10 (Security Issues reported in oss-sec)
-------------------------+-------------------------
Reporter: renodr | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: highest | Milestone: 7.11
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-------------------------
Update ImageMagick-6 to its latest version (6.9.5-10). This will resolve
several issues mentioned in the oss-security mailing list.
The following CVEs will be fixed:
{{{
CVE-2016-6823: ImageMagick BMP Coder Out-of-Bounds Write Vulnerability
CVE-2016-7101: ImageMagick SGI Coder Out-of-Bounds Read Vulnerability
CVE-2016-7513: off-by-one error leading to segfault
CVE-2016-7514: out-of-bounds read in coders/psd.c
CVE-2016-7515: rle handling for corrupted file
CVE-2015-8957: heap buffer overflow in hdr file handling
CVE-2015-8958: potential DoS in sun file handling due to malformed files
CVE-2016-7516: out-of-bounds / heap-buffer-overflow problem in viff files
CVE-2016-7517: out-of-bounds / heap-buffer-overflow problem in pict files
CVE-2016-7518: out-of-bounds / heap-buffer-overflow problem in sun files
CVE-2016-7519: out-of-bounds / heap-buffer-overflow problem in rle files
CVE-2016-7520: heap buffer overflow in hdr file handling
CVE-2016-7521: heap buffer overflow in psd file handling
CVE-2016-7522: out of bounds access for malformed psd files
CVE-2016-7523: heap buffer overflow / out of bounds access in meta.c
CVE-2016-7524: heap buffer overflow / out of bounds access in meta.c
CVE-2016-7525: heap buffer overflow in psd file coder
CVE-2016-7526: heap-buffer-overflow / out-of-bounds access in wpg file
coder
CVE-2016-7527: global buffer overflow in wpg file coder
CVE-2016-7528: out-of-bounds access / SIGSEGV on unknown address in viff
file coder
CVE-2016-7529: out-of-bounds access in xcf file coder
CVE-2016-7530: out-of-bounds in quantum handling
CVE-2016-7531: pbd file out of bounds access
CVE-2016-7532: Fix handling of corrupted psd files
CVE-2016-7533: heap-buffer-overflow for corrupted wpg files
CVE-2016-7534: out of bounds access in generic decoder
CVE-2016-7535: out-of-bounds access for corrupted psd files
CVE-2016-7536: SIGSEGV reported in corrupted profile handling
CVE-2016-7537: out-of-bounds access for corrupted pdb file
CVE-2016-7538: SIGABRT and heap-buffer-overflow for corrupted pdb file
CVE-2015-8959: DOS due to corrupted DDS files
CVE-2014-9907: DOS due to corrupted DDS files
CVE-2016-7539: potential DOS due to not releasing memory
CVE-2016-7540: writing to rgf format aborts
}}}
The above is a total of 35 vulnerabilities.
I can post links to oss-security stuff when I'm not on the university
network.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/8365>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
