FEDORA-2017-c276ee400a created by moezroy 4 years ago for Fedora 25

Tagging this update now as it is an urgent fix. This update includes a soname bump so affected packages will need to be rebuilt by the package maintainer or someone with proven packager privs.

This update fixes ImageTragick in Fedora as well as numerous other security issues such as:

  • Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
  • Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
  • Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
  • Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
  • Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
  • Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
  • Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
  • Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801
  • Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
  • Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796
  • Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
  • Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
  • Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
  • Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835 - Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
  • Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
  • Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
  • Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
  • Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
  • Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
  • Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
  • Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
  • Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
  • Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
  • Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
  • Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
  • Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
  • Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
  • Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
  • Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
  • Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
  • Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
  • Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
  • Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
  • Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138 - ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
  • Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
  • Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file - bug #1354500,1361578

Logout Required
After installing this update it is required that you logout of your current user session and log back in to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by moezroy.

4 years ago

mooninite edited this update.

4 years ago
User Icon remi commented & provided feedback 4 years ago

Not acceptable, see update policy.

User Icon lupinix commented & provided feedback 4 years ago

The required rebuilds have to be done first and then pushed as one ssingle update. But the update is not compatible with update policy anyway :( (soname bump etc.)

User Icon besser82 commented & provided feedback 4 years ago

Even 6.9.9.X breaks SO-name. @kevin did an update to that in Rawhide before branching and it required several rebuilds. So IMHO it doesn't matter which version gets pushed, since both require the rebuild of their consuming apps and libs.

@moezroy Please rebuild all consumers of libimagemagick against this update / or 6.9.9.X and make sure they are a part of this update.

This update has been obsoleted.

4 years ago
User Icon robert commented & provided feedback 4 years ago

ABI breakage.

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
4 years ago
4 years ago

Automated Test Results