Debian LTS: DLA-953-1: graphicsmagick security update | LinuxSecuri...
Hash: SHA512

Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u7
CVE ID         : CVE-2017-9098
Debian Bug     : 862967

Chris Evans discovered that graphicsmagick used uninitialized memory
in the RLE decoder, allowing an remote attacker to leak sensitive
information from process memory space.

More information are available at:
https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte-file-14k-bounty.html

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u7.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-953-1: graphicsmagick security update

May 26, 2017
Chris Evans discovered that graphicsmagick used uninitialized memory in the RLE decoder, allowing an remote attacker to leak sensitive information from process memory space

Summary

More information are available at:
https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte-file-14k-bounty.html

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u7.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity
Package : graphicsmagick
Version : 1.3.16-1.1+deb7u7
CVE ID : CVE-2017-9098
Debian Bug : 862967

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.