FEDORA-2017-3a568adb31

security update in Fedora 25 for autotrace, converseen, & 22 more

Status: stable 2 years ago

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the 6.9 branch ChangeLog.

Dependent packages are mostly straight rebuilds; a couple also include bugfix version updates.


#1490649 - emacs-25.3 is available

#1490410 - unsafe enriched mode translations (security)

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

Comments 30

This update has been submitted for testing by mooninite.

mooninite edited this update.

mooninite edited this update.

adamwill edited this update.

New build(s):

  • rubygem-rmagick-2.16.0-4.fc25.2
  • vips-8.4.4-1.fc25.1
  • vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25
  • techne-0.2.3-20.fc25
  • synfig-1.2.0-1.fc25.1
  • rss-glx-0.9.1.p-27.fc25.1
  • ripright-0.11-5.fc25
  • q-7.11-29.fc25
  • psiconv-0.9.8-22.fc25
  • php-pecl-imagick-3.4.3-2.fc25
  • pfstools-2.0.6-3.fc25
  • perl-Image-SubImageFind-0.03-13.fc25
  • kxstitch-1.2.0-9.fc25
  • imageinfo-0.05-27.fc25
  • gtatool-2.2.0-6.fc25
  • drawtiming-0.7.1-22.fc25
  • converseen-0.9.6.2-3.fc25
  • WindowMaker-0.95.7-3.fc25.1
  • emacs-25.2-5.fc25

Karma has been reset.

adamwill edited this update.

New build(s):

  • synfigstudio-1.2.0-5.fc25

Karma has been reset.

adamwill edited this update.

New build(s):

  • inkscape-0.92.1-4.20170510bzr15686.fc25.1

Karma has been reset.

Notice, as codecs moved from /usr/lib64/ImageMagick-6.9.3/ to /usr/lib64/ImageMagick-6.9.9/ a reboot should be suggested.

mooninite edited this update.

This update has been pushed to testing.

mooninite edited this update.

New build(s):

  • k3d-0.8.0.6-8.fc25

Karma has been reset.

This update has been submitted for testing by mooninite.

This update has been pushed to testing.

Works and deployed to production - but which idiot tool pretends that you need to reboot because of an ImageMagick update? Are we now Microsoft Windows? BTW: the Bodhi web interface becomes worse and worse

karma: +1 critpath: +1

no regressions noted on f25

karma: +1

but which idiot tool pretends ...

Me :p Read my comment above.

karma: +1 critpath: +1

we need this in stable to install other packages ...

karma: +1 critpath: +1

works for me in a VM

karma: +1

pwalter edited this update.

New build(s):

  • emacs-25.3-3.fc25
  • ImageMagick-6.9.9.13-1.fc25

Removed build(s):

  • emacs-25.2-5.fc25
  • ImageMagick-6.9.9.9-1.fc25

Karma has been reset.

This update has been submitted for testing by pwalter.

This update has obsoleted emacs-25.3-1.fc25, and has inherited its bugs and notes.

Could people give this update karma again so that we can move it to stable quickly? Thanks!

I already installed it and no regressions noted

karma: +1 critpath: +1

This update has been pushed to testing.

karma: +1 critpath: +1

This update has been submitted for stable by pwalter.

This has spent enough time in updates-testing now and has gotten sufficient testing. Submitted to stable now. Thanks for testing everybody!

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: high
Karma: +2 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago, modified 2 years ago

Related Bugs 35

#1350462 CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all]
#1361494 CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all]
#1361578 CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all]
#1378790 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all]
#1408404 CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all]
#1410515 ImageMagick: various flaws [fedora-all]
#1413898 CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all]
#1453125 CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all]
#1455602 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all]
#1465064 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all]
#1470670 CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all]
#1471122 CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all]
#1471837 CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all]
#1473719 CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all]
#1473758 CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all]
#1473775 CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all]
#1473797 CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all]
#1473799 CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all]
#1473825 CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all]
#1473848 CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all]
#1474420 CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all]
#1474846 CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all]
#1475464 CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [fedora-all]
#1475471 CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all]
#1475486 CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all]
#1477070 CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all]
#1477566 CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all]
#1482626 CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all]
#1482655 CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all]
#1483117 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all]
#1483132 CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all]
#1483575 CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all]
#1490409 CVE-2017-14482 emacs: command injection flaw within "enriched mode" handling
#1490410 CVE-2017-14482 emacs: Unsafe enriched mode translations [fedora-all]
#1490649 emacs-25.3 is available
