Your message dated Fri, 14 Jul 2017 13:55:16 +0000 with message-id <e1dw13s-000djc...@fasolo.debian.org> and subject line Bug#864273: fixed in imagemagick 8:6.9.7.4+dfsg-12 has caused the Debian Bug report #864273, regarding imagemagick: CVE-2017-9440 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864273: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864273 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: normal Tags: security upstream patch fixed-upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/462 Hi, the following vulnerability was published for imagemagick. CVE-2017-9440[0]: | In ImageMagick 7.0.5-5, a memory leak was found in the function | ReadPSDChannel in coders/psd.c, which allows attackers to cause a | denial of service via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9440 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9440 [1] https://github.com/ImageMagick/ImageMagick/issues/462 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-12 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jul 2017 15:35:15 +0200 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source Version: 8:6.9.7.4+dfsg-12 Distribution: unstable Urgency: medium Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-t...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI) libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI libmagickcore-dev - low-level image manipulation library -- dummy package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16 libmagickwand-6.q16-dev - image manipulation library - development files (Q16) libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI) libmagickwand-dev - image manipulation library -- dummy package perlmagick - Perl interface to ImageMagick -- dummy package Closes: 863126 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264 Changes: imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium . * Fix security bugs: + Previous CVE-2017-9144 fix was incomplete. A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126) + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367). + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778). + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721). + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (Closes: 864273). + CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #864274). + CVE-2017-11188: CPU exhaustion in ReadDPXImage Because dpx.file.image_offset is a unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. (Closes: #867806) + CVE-2017-11141: memory exhaustion in ReadMATImage When identify MAT file, imagemagick will allocate memory to store data in function ReadMATImage. Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate a anysize amount of memory, this may cause a memory exhaustion (Closes: #868264) + CVE-2017-11170: memory exhaustion in ReadTGAImage When identify VST file, imagemagick will allocate memory to store data in function ReadTGAImage in coders/tga.c using tga_info.bits_per_pixel field diretly from VST file without checking in tga.c By review the founction code, tga_info.bits_per_pixel max valid value is 32. On 32bit os, size_t one will be 32bit, so image->colors can be overflow to 0. On 64bit os, size_t one will be 64bit, so image->colors can be large as 0x100000000(64GB). (Closes: #868184) + Memory exhaustion in ReadCINImage When identify CIN file that contains User defined data, imagemagick will allocate memory to store the data in function ReadCINImage in coders\inc.c There is a security checking in the function SetImageExtent, but it after memory allocation, so IM can not control the memory usage (Closes: #867810) + CPU exhaustion in ReadRLEImage A corrupted rle file could trigger a DOS (Closes: #867808) + Memory leak in ReadDIBImage in dib.c The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file. (Closes: #867811) + Memory exhaustion in ReadDPXImage in dpx.c When identify DPX file that contains user header data, imagemagick will allocate memory to store the data in function ReadDPXImage in coders\dpx.c There is a security checking in the function SetImageExtent, but it is too late, so IM can not control the memory usage. (Closes: #867812) + Enable heap overflow check for stdin for mpc files Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. (Closes: #867896) + Assertion failure in WriteBlob A crafted file revealed an assertion failure in blob.c. (Closes: #867798) + Memory exhaustion in ReadEPTImage in ept.c When identify EPT file , imagemagick will allocate memory to store the data. There is a security checking in the function SetImageExtent, but it is not used in the allocation function, so IM can not control the memory usage. (Closes: #867821) + CPU exhaustion in ReadOneJNGImage Due to lack of validation of PNG format, imagemagick could loop 2^32 in a CPU intensive loop. (Closes: #867824, #867825). + CPU exhaustion in ReadOneDJVUImag Due to lack of format validation, a crafted file will cause a loop to run endless. (Closes: #867826). + Zero pixel buffer Avoid a data leak in case of incorrect file by clearing a buffer (Closes: #867893). + memory leak in ReadMATImage in mat.c The ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a small crafted mat file. (Closes: #867823). + Avoid heap based overflow for jpeg A corrupted jpeg file could trigger an heap overflow (Closes: #867894). + Fix a memory leak in screenshot coder (Closes: #867897) Checksums-Sha1: 3d90914c6d86d4b36fbc80400725b25384f8735c 5137 imagemagick_6.9.7.4+dfsg-12.dsc 893fa5b030147239ca39394dc7a335dc7aa4934e 230416 imagemagick_6.9.7.4+dfsg-12.debian.tar.xz a59faecc6842d8fc0b26d6e9c3280dd73be53207 12956 imagemagick_6.9.7.4+dfsg-12_source.buildinfo Checksums-Sha256: f445c59ca48e8869b7676ed7336295c780478acfef00161a652f5a228a34cec3 5137 imagemagick_6.9.7.4+dfsg-12.dsc 8b91345baf34eeeadc6ea8e744a4d0f57ebf976c386833b55411b5faa862aa65 230416 imagemagick_6.9.7.4+dfsg-12.debian.tar.xz 856cd6486e65aa3170819b0430e65fcaeb59a8474f857ef4ee71295852ba18c8 12956 imagemagick_6.9.7.4+dfsg-12_source.buildinfo Files: a6227a37d15c2b19bf999fe91d4b373b 5137 graphics optional imagemagick_6.9.7.4+dfsg-12.dsc 20c4df2b2199408aee6abea9baacaed4 230416 graphics optional imagemagick_6.9.7.4+dfsg-12.debian.tar.xz e005c9489d784877411aef2032dd4b55 12956 graphics optional imagemagick_6.9.7.4+dfsg-12_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlloyNcACgkQADoaLapB CF92VA/6AsGc6Ezo71sxhMxClnTl6tentb3Zv+KAujRiNyOe8qwrdppL40mAYvaV NImBUxk26Fbypbvs9UxzBEb52BP5ZcOS7t/e/De5SPYdMlDpdzOFFs5ygvVU9MmZ eDAz3lRfnEAIVtLwrhYbxzfhsRNkXqrsmmSKge90Zc28VSO1vibE3Tu1VCYQJPzx gEe2K5ghTrbG/DRF6L96u+bilajP76GUQFbbTEjtd8XLczmrAMZgpWEXiG5ZqQBh OhvgjATw5WbiSbenErnxciCxu82wAOetsLtGwzwfrfDcOwqzfI6J5Oss6C1pf9uB YNbrP6EwmUzjm23qDunnyZdOUZngNs7JOJvN9MhK3udBOU0tqvEsq+qAtv89wnTi X7mWlHl5DAStNYFUIGgRnezJ+4IzXJHh5qsRC2WD3C8ebizvuRWUMy1RbT+07QaD 5D4lFuu3XQldfpmb/N3cGGPsD6WiwrigQeEdjA7XmDJbSmj2pACuuu+JJWq33dHU 3vLwND2qHBEBW9yaeQZf3zYYV22XzWxfu3s/a3PZZ/j88mHDrAWhCS3PEIvzi2g5 D0z/dJwt0/oykRPJAMln80eBqKnBdbeYKcwpE8IUM/pq/dg3y21diJj/fAaNbv36 FNmW9mELe3ZVTEBqkDITD054q1fJYKuCT8uBIZ0ElnP8o8hRZk4= =m2Hc -----END PGP SIGNATURE-----
--- End Message ---
