UbuntuUpdates.org

Package "imagemagick"

Name: imagemagick

Description: image manipulation programs

Latest version: 8:6.6.9.7-5ubuntu3.9
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.imagemagick.org/

Other versions of "imagemagick" in Precise

Repository  Area  Version
base        main  8:6.6.9.7-5ubuntu3
security    main  8:6.6.9.7-5ubuntu3.9

Changelog

Version: 8:6.6.9.7-5ubuntu3.4 2016-06-02 15:06:45 UTC

  imagemagick (8:6.6.9.7-5ubuntu3.4) precise-security; urgency=medium

  * SECURITY UPDATE: ImageTragick remote code execution
    - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
    - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
    - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
    - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
    - d/p/0080-Prevent-indirect-reads-with-label-at.patch
    - d/p/0081-Less-secure-coders-require-explicit-reference.patch
    - CVE-2016-3714
    - CVE-2016-3715
    - CVE-2016-3716
    - CVE-2016-3717
    - CVE-2016-3718
  * SECURITY UPDATE: popen() shell vulnerability
    - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
    - CVE-2016-5118

 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2016 13:17:30 -0400

CVE-2016-3714 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
CVE-2016-3715 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3716 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-3717 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3718 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (
CVE-2016-5118 popen() shell vulnerability via filename

Version: 8:6.6.9.7-5ubuntu3.3 2014-03-06 21:06:30 UTC

  imagemagick (8:6.6.9.7-5ubuntu3.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via psd
    images processing rle decoding buffer overflow
    - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
    - CVE-2014-1958
  * SECURITY UPDATE: denial of service via jpeg images with specially-
    crafted restart markers
    - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
      coders/psd.c.
    - CVE-2014-2030
  * SECURITY UPDATE: denial of service via crafted sequence of restart
    markers
    - debian/patches/CVE-2012-0260.patch: limit number of warnings in
      coders/jpeg.c.
    - CVE-2012-0260
 -- Marc Deslauriers <email address hidden> Thu, 06 Mar 2014 11:37:42 -0500

CVE-2014-1958 PSD Images Processing RLE Decoding Buffer Overflow Vulnerability
CVE-2012-0260 The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...

Version: 8:6.6.9.7-5ubuntu3.2 2012-08-22 17:06:58 UTC

  imagemagick (8:6.6.9.7-5ubuntu3.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via large resource consumption
    - debian/patches/CVE-2012-3437.patch: always use correct size argument
      with libpng memory allocation
    - CVE-2012-3437
 -- Jamie Strandboge <email address hidden> Fri, 17 Aug 2012 09:34:29 -0500

CVE-2012-3437 The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow

Version: 8:6.6.9.7-5ubuntu3.1 2012-05-02 12:09:24 UTC

  imagemagick (8:6.6.9.7-5ubuntu3.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malformed ResolutionUnit or IOP tags.
    - debian/patches/CVE-2012-0247.patch: properly calculate
      lengths and sizes in magick/{profile,property}.c.
    - CVE-2012-0247
    - CVE-2012-0248
    - CVE-2012-1185
    - CVE-2012-1186
  * SECURITY UPDATE: denial of service and possible code execution via
    EXIF tags.
    - debian/patches/CVE-2012-0259.patch: don't copy invalid memory in
      coders/tiff.c, properly initialize buffers in magick/property.c.
    - CVE-2012-0259
    - CVE-2012-1798
  * SECURITY UPDATE: denial of service and possible code execution via
    JPEG EXIF integer overflow.
    - debian/patches/CVE-2012-1610.patch: check number of bytes in
      magick/{profile,property}.c.
    - CVE-2012-1610

 -- Marc Deslauriers Wed, 25 Apr 2012 10:22:49 -0400



