Summary: | <media-gfx/imagemagick-{6.9.9.40,7.0.7.28}: Multiple vulnerabilities (CVE-2018-{6405,6876,6930,7443,7470,8804,8960,9133,9135,10177}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-gfx/imagemagick-6.9.9.40
media-gfx/imagemagick-7.0.7.28
|
Runtime testing required: | --- |
Bug Depends on: | 660826 | ||
Bug Blocks: | 645366 |
Description
GLSAMaker/CVETool Bot
2018-03-20 14:55:57 UTC
CVE-2018-9135 (https://nvd.nist.gov/vuln/detail/CVE-2018-9135): In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. CVE-2018-9133 (https://nvd.nist.gov/vuln/detail/CVE-2018-9133): ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. CVE-2018-8960 (https://nvd.nist.gov/vuln/detail/CVE-2018-8960): The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. CVE-2018-6876 (https://nvd.nist.gov/vuln/detail/CVE-2018-6876): The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. CVE-2018-10177 (https://nvd.nist.gov/vuln/detail/CVE-2018-10177): In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91ceaef63a9a0768ffe6e130490915df7c3a77e7 commit 91ceaef63a9a0768ffe6e130490915df7c3a77e7 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-04-21 19:06:59 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-04-21 19:07:11 +0000 media-gfx/imagemagick: Bump Bug: https://bugs.gentoo.org/650992 Package-Manager: Portage-2.3.31, Repoman-2.3.9 media-gfx/imagemagick/Manifest | 2 + media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 185 ++++++++++++++++++++++ media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 185 ++++++++++++++++++++++ 3 files changed, 372 insertions(+)} arm64 doesn't have stable imagemagick.. x86 stopped stabilization due to bug 653752. alpha stable hppa stable ppc stable ppc64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7914548ae9309c21b44b3e2e81dfe95e392a0b91 commit 7914548ae9309c21b44b3e2e81dfe95e392a0b91 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-04-23 14:18:54 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-04-23 14:19:18 +0000 media-gfx/imagemagick: amd64 stable wrt bug #650992 Bug: https://bugs.gentoo.org/650992 Package-Manager: Portage-2.3.31, Repoman-2.3.9 media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 2 +- media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)} Removing depending bug 653752, test failure only affects x86 and shouldn't block any other architecture from processing the stabilization request. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c0de8cb50e8684e473f1e5147a083d32fc5ef21 commit 8c0de8cb50e8684e473f1e5147a083d32fc5ef21 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-04-25 05:20:42 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-25 06:08:35 +0000 media-gfx/imagemagick: stable 7.0.7.28 for sparc Bug: https://bugs.gentoo.org/650992 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3f46c481149918b3f2cd9a1b004ac3fb0b2ea19 commit a3f46c481149918b3f2cd9a1b004ac3fb0b2ea19 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-04-25 05:19:14 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-25 06:08:35 +0000 media-gfx/imagemagick: stable 6.9.9.40 for sparc Bug: https://bugs.gentoo.org/650992 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a0fd9d7cba387819e2a56b066a30079c753588b commit 2a0fd9d7cba387819e2a56b066a30079c753588b Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-04-27 06:13:30 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-27 06:13:37 +0000 media-gfx/imagemagick: stable 7.0.7.28 for ia64, bug #650992 Bug: https://bugs.gentoo.org/650992 Package-Manager: Portage-2.3.31, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8de500fee28ebcea09fe17deaf1325fcca023000 commit 8de500fee28ebcea09fe17deaf1325fcca023000 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-04-27 06:13:22 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-27 06:13:37 +0000 media-gfx/imagemagick: stable 6.9.9.40 for ia64, bug #650992 Bug: https://bugs.gentoo.org/650992 Package-Manager: Portage-2.3.31, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} arm stable Superseded by bug 660826. |