-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4712-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 30, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : imagemagick
CVE ID         : CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 
                 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 
                 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 
                 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 
                 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 
                 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 
                 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 
                 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 
                 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 
                 CVE-2019-19948 CVE-2019-19949

This update fixes multiple vulnerabilities in Imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.

For the stable distribution (buster), these problems have been fixed in
version 8:6.9.10.23+dfsg-2.1+deb10u1.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4712-1: imagemagick security update

June 30, 2020
This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, mem...

Summary

This update fixes multiple vulnerabilities in Imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.

For the stable distribution (buster), these problems have been fixed in
version 8:6.9.10.23+dfsg-2.1+deb10u1.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/imagemagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : imagemagick
CVE ID : CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397
CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472
CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975
CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979
CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297
CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305
CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311
CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140
CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713
CVE-2019-19948 CVE-2019-19949

Related News

21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
Sign Up