FEDORA-2017-8f27031c8f

security update in Fedora 26 for autotrace, converseen, & 23 more

Status: stable 2 years ago

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the 6.9 branch ChangeLog.

Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-8f27031c8f

Comments 46

This update has been submitted for testing by mooninite.

mooninite edited this update.

New build(s):

  • autotrace-0.31.1-49.fc26

Karma has been reset.

mooninite edited this update.

mooninite edited this update.

adamwill edited this update.

New build(s):

  • rubygem-rmagick-2.16.0-4.fc26.2
  • vips-8.5.7-2.fc26
  • vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26
  • techne-0.2.3-20.fc26
  • synfig-1.2.0-9.fc26.1
  • rss-glx-0.9.1.p-29.fc26.1
  • ripright-0.11-5.fc26
  • q-7.11-29.fc26
  • psiconv-0.9.8-22.fc26
  • php-pecl-imagick-3.4.3-2.fc26
  • pfstools-2.0.6-3.fc26
  • perl-Image-SubImageFind-0.03-13.fc26
  • kxstitch-1.2.0-9.fc26
  • imageinfo-0.05-27.fc26
  • gtatool-2.2.0-6.fc26
  • drawtiming-0.7.1-22.fc26
  • dmtx-utils-0.7.4-4.fc26
  • converseen-0.9.6.2-3.fc26
  • WindowMaker-0.95.8-3.fc26
  • inkscape-0.92.1-4.20170510bzr15686.fc26.1
  • emacs-25.2-5.fc26

Karma has been reset.

adamwill edited this update.

New build(s):

  • synfigstudio-1.2.0-5.fc26

Karma has been reset.

This update has obsoleted synfig-1.2.0-5.fc26, and has inherited its bugs and notes.

Notice, as codecs moved from /usr/lib64/ImageMagick-6.9.3/ to /usr/lib64/ImageMagick-6.9.9/ a reboot should be suggested.

mooninite edited this update.

This update has been pushed to testing.

There are packages with conflicts & broken dependencies after this update:

 Problem 1: package k3d-0.8.0.6-4.fc26.x86_64 requires libMagick++-6.Q16.so.6()(64bit), but none of the providers can be installed
  - cannot install both ImageMagick-c++-6.9.9.9-1.fc26.x86_64 and ImageMagick-c++-6.9.3.0-6.fc26.x86_64
  - cannot install both ImageMagick-c++-6.9.3.0-6.fc26.x86_64 and ImageMagick-c++-6.9.9.9-1.fc26.x86_64
  - cannot install the best update candidate for package k3d-0.8.0.6-4.fc26.x86_64
  - cannot install the best update candidate for package ImageMagick-c++-6.9.3.0-6.fc26.x86_64

 Problem 2: package libopenshot-0.1.6-1.fc26.x86_64 requires libMagickCore-6.Q16.so.2()(64bit), but none of the providers can be installed

 Problem 3: package xine-lib-extras-1.2.8-3.fc26.x86_64 requires libMagickCore-6.Q16.so.2()(64bit), but none of the providers can be installed

 Problem 4: package transcode-1.1.7-19.fc26.x86_64 requires libMagickCore-6.Q16.so.2()(64bit), but none of the providers can be installed

 Problem 5: package xine-ui-0.99.9-4.fc26.x86_64 requires xine-lib-extras, but none of the providers can be installed

 Problem 6: problem with installed package xine-lib-extras-1.2.8-3.fc26.x86_64

 Problem 7: package python3-libopenshot-0.1.6-1.fc26.x86_64 requires libopenshot(x86-64) = 0.1.6-1.fc26, but none of the providers can be installed

 Problem 8: problem with installed package libopenshot-0.1.6-1.fc26.x86_64

 Problem 9: problem with installed package k3d-0.8.0.6-4.fc26.x86_64
  - package k3d-0.8.0.6-4.fc26.x86_64 requires libMagick++-6.Q16.so.6()(64bit), but none of the providers can be installed
  - cannot install both ImageMagick-c++-6.9.9.9-1.fc26.x86_64 and ImageMagick-c++-6.9.3.0-6.fc26.x86_64
  - cannot install both ImageMagick-c++-6.9.3.0-6.fc26.x86_64 and ImageMagick-c++-6.9.9.9-1.fc26.x86_64
  - package synfig-1.2.0-9.fc26.1.x86_64 requires libMagick++-6.Q16.so.8()(64bit), but none of the providers can be installed
  - cannot install the best update candidate for package synfig-1.2.0-6.fc26.x86_64

 Problem 10: package dvdrip-0.98.11-13.fc26.x86_64 requires transcode >= 0.6.13, but none of the providers can be installed

 Problem 11: problem with installed package transcode-1.1.7-19.fc26.x86_64
  - package transcode-1.1.7-19.fc26.x86_64 requires libMagickCore-6.Q16.so.2()(64bit), but none of the providers can be installed
  - cannot install both ImageMagick-libs-6.9.9.9-1.fc26.x86_64 and ImageMagick-libs-6.9.3.0-6.fc26.x86_64
  - cannot install both ImageMagick-libs-6.9.3.0-6.fc26.x86_64 and ImageMagick-libs-6.9.9.9-1.fc26.x86_64
  - package emacs-1:25.2-5.fc26.x86_64 requires libMagickCore-6.Q16.so.5()(64bit), but none of the providers can be installed
  - problem with installed package emacs-1:25.2-3.fc26.x86_64
  - package emacs-1:25.2-3.fc26.x86_64 requires emacs-common = 1:25.2-3.fc26, but none of the providers can be installed
  - cannot install both emacs-common-1:25.2-5.fc26.x86_64 and emacs-common-1:25.2-3.fc26.x86_64
  - cannot install both emacs-common-1:25.2-3.fc26.x86_64 and emacs-common-1:25.2-5.fc26.x86_64
  - cannot install the best update candidate for package emacs-common-1:25.2-3.fc26.x86_64

works for me

karma: +1

Works great! LGTM! =)

karma: +1

mooninite edited this update.

New build(s):

  • k3d-0.8.0.6-8.fc26

Karma has been reset.

This update has been submitted for testing by mooninite.

I've added k3d. The openshot, transcode, dvdrip, and xine packages will be taken care of by RPMFusion.

No regressions noted in the subset of dependent packages I use.

karma: +1 critpath: +1

Update path is ok (for installed packages), including with remi repository enabled (testing repository needed)

karma: +1 critpath: +1

no regressions noted

karma: +1

Error: Package: cuneiform-1.1.0-20.fc23.x86_64 (@fedora)
  Requires: libMagick++-6.Q16.so.6()(64bit)
  Removing: ImageMagick-c++-6.9.3.0-6.fc26.x86_64 (@fedora)
    libMagick++-6.Q16.so.6()(64bit)
  Updated By: ImageMagick-c++-6.9.9.9-1.fc26.x86_64 (updates-testing)
    ~libMagick++-6.Q16.so.8()(64bit)

karma: -1

wfm

karma: +1

@nerijus, cuneiform has been FTBFS since Fedora 23 and the maintainer is not responding. Upstream is also dead. The package may be retired from Fedora.

But yagf-0.9.5-4.fc26 requires cuneiform, so if a package rebuild is enough, it would be nice if it was rebuilt.

@nerijus, the cuneiform package cannot be compiled. That is the problem. It is not due to ImageMagick. Please follow up in the Red Hat Bugzilla bug 1423317 if you wish to discuss this further or help.

OK then.

karma: +1

This update has been pushed to testing.

Works

karma: +1

@anonymous Please use dnf update --enablerepo=rpmfusion-free-updates-testing for packages related to RPM Fusion.

karma: +1 critpath: +1

mooninite edited this update.

New build(s):

  • vips-8.5.8-2.fc26

Removed build(s):

  • vips-8.5.7-2.fc26

Karma has been reset.

This update has been submitted for testing by mooninite.

This update has been pushed to testing.

pwalter edited this update.

New build(s):

  • ImageMagick-6.9.9.13-1.fc26
  • emacs-25.3-3.fc26

Removed build(s):

  • emacs-25.2-5.fc26
  • ImageMagick-6.9.9.9-1.fc26

Karma has been reset.

This update has been submitted for testing by pwalter.

@dhgutteridge I rebuilt emacs-25.3-3.fc26 against new ImageMagick once more which should fix the conflict.

Could people give this update karma again so that we can move it to stable faster? Otherwise we'll be running into more and more issues where packages get other updates that conflict with the rebuilds done here.

karma: +1 critpath: +1 #1410515: +1

This update has been pushed to testing.

We need two more positive karma points. Previous testers: Please provide karma again so this is pushed to stable. Thanks.

karma: +1 critpath: +1

This update has been submitted for stable by pwalter.

This has spent enough time in updates-testing now and has gotten sufficient testing. Submitted to stable now. Thanks for testing everybody!

Providing belated +1 karma for the last tweak for Emacs. @pwalter: thanks for your diligence and patience!

karma: +1 critpath: +1

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: high
Karma: +3 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago, modified 2 years ago

Related Bugs 35

00 #1299275 ImageMagick-7.0.6-9 is available
00 #1350462 CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all]
00 #1361494 CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all]
00 #1361578 CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all]
00 #1378790 CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all]
00 #1408404 CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all]
0+1 #1410515 ImageMagick: various flaws [fedora-all]
00 #1413898 CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all]
00 #1453125 CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all]
00 #1455602 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all]
00 #1465064 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all]
00 #1470670 CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all]
00 #1471122 CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all]
00 #1471837 CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all]
00 #1473719 CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all]
00 #1473758 CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all]
00 #1473775 CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all]
00 #1473797 CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all]
00 #1473799 CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all]
00 #1473802 CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function [fedora-all]
00 #1473825 CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all]
00 #1473848 CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all]
00 #1474420 CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all]
00 #1474846 CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all]
00 #1475464 CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [fedora-all]
00 #1475471 CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all]
00 #1475486 CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all]
00 #1477070 CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all]
00 #1477566 CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all]
00 #1479313 synfigstudio doesn't start
00 #1482626 CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all]
00 #1482655 CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all]
00 #1483117 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all]
00 #1483132 CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all]
00 #1483575 CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all]
