
Bug 596004 (CVE-2016-7906)

Summary: <media-gfx/imagemagick-6.9.6.2: use after free
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: graphics+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 581990, 593526, 593530, 593532, 595200, 596002

Description Ian Zimmerman 2016-10-03 03:18:00 UTC
According to the announcement on oss-security:

imagemagick identify suffers from a use-after-free issue, which I reported
and which has been patched; you can find a reproducer in the GitHub bug tracker
issue link

issue:
https://github.com/ImageMagick/ImageMagick/issues/281

patch:
https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0


Reproducible: Always
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-10-11 12:27:32 UTC
@arches, please stabilize:

=media-gfx/imagemagick-6.9.6.2
Comment 2 Tobias Klausmann (RETIRED) gentoo-dev 2016-10-11 14:18:34 UTC
Stable on alpha
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-11 15:51:37 UTC
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-12 10:09:36 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-14 05:43:07 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2016-10-24 18:07:58 UTC
arm stable
Comment 7 Markus Meier gentoo-dev 2016-10-26 16:34:58 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-11-20 13:46:30 UTC
x86 stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-11-27 11:40:29 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-11-28 09:35:43 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-11-28 09:38:56 UTC
ia64 stable.

Maintainer(s), please cleanup.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:45:47 UTC
This issue was resolved and addressed in
 GLSA 201611-21 at https://security.gentoo.org/glsa/201611-21
by GLSA coordinator Aaron Bauman (b-man).
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2016-11-30 21:55:55 UTC
@graphics, please clean:

media-gfx/imagemagick-6.9.5.10
Comment 14 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-17 08:05:27 UTC
Repository is now clean, all done.