MGASA-2016-0257

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0257.html

Import Source

https://advisories.mageia.org/MGASA-2016-0257.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0257

Related

Published

2016-07-19T12:47:11Z

Modified

2016-07-19T12:36:58Z

Summary

Updated imagemagick packages fix security vulnerabilities

Details

Updated imagemagick package fixes security vulnerabilities:

The OpenBlob function in blob.c in ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename (CVE-2016-5118).

Integer overflow in MagickCore/profile.c (CVE-2016-5841).

Buffer overread in MagickCore/property.c (CVE-2016-5842).

Also, several packages have been rebuilt to use the updated Magick++-6.Q16 library. These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / imagemagick

Package

Name: imagemagick
Purl: pkg:rpm/mageia/imagemagick?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.9.5.2-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / converseen

Package

Name: converseen
Purl: pkg:rpm/mageia/converseen?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.3-3.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / cuneiform-linux

Package

Name: cuneiform-linux
Purl: pkg:rpm/mageia/cuneiform-linux?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.0-6.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / inkscape

Package

Name: inkscape
Purl: pkg:rpm/mageia/inkscape?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.91-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / k3d

Package

Name: k3d
Purl: pkg:rpm/mageia/k3d?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0.2-10.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kcm-grub2

Package

Name: kcm-grub2
Purl: pkg:rpm/mageia/kcm-grub2?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.8-12.2.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / kxstitch

Package

Name: kxstitch
Purl: pkg:rpm/mageia/kxstitch?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0-3.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / performous

Package

Name: performous
Purl: pkg:rpm/mageia/performous?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0-0.20141015.2.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-Image-SubImageFind

Package

Name: perl-Image-SubImageFind
Purl: pkg:rpm/mageia/perl-Image-SubImageFind?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.30.0-2.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / pfstools

Package

Name: pfstools
Purl: pkg:rpm/mageia/pfstools?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.5-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / pstoedit

Package

Name: pstoedit
Purl: pkg:rpm/mageia/pstoedit?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.62-5.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / pythonmagick

Package

Name: pythonmagick
Purl: pkg:rpm/mageia/pythonmagick?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / synfig

Package

Name: synfig
Purl: pkg:rpm/mageia/synfig?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.64.1-6.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / vdr-plugin-skinelchi

Package

Name: vdr-plugin-skinelchi
Purl: pkg:rpm/mageia/vdr-plugin-skinelchi?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.8-6.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / vdr-plugin-skinenigmang

Package

Name: vdr-plugin-skinenigmang
Purl: pkg:rpm/mageia/vdr-plugin-skinenigmang?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.2-8.1.mga5

Ecosystem specific

{
    "section": "core"
}