CLSA-2021:1639682357

[CLSA-2022:1648142109] Fix CVE(s): CVE-2020-27762, CVE-2020-27770, CVE-2020-27760, CVE-2020-25665, CVE-2020-19667, CVE-2020-25674, CVE-2017-13144, CVE-2020-25676, CVE-2020-25664, CVE-2020-27753, CVE-2020-27750

Type:

security

Severity:

moderate

Release date:

2022-03-24 17:15:09 UTC

Description:

   * SECURITY UPDATE: Crash if image dimensions are too large
     - debian/patches/CVE-2017-13144-*.patch: Fix memory leak in MPC image
       format
     - CVE-2017-13144
   * SECURITY UPDATE: Stack-based buffer overflow
     - debian/patches/CVE-2020-19667.patch: Zero-out memory before use
     - CVE-2020-19667
   * SECURITY UPDATE: Heap-based buffer overflow
     - debian/patches/CVE-2020-25664.patch: Expand virtual memory allocation
       by 256 bytes
     - CVE-2020-25664
   * SECURITY UPDATE: Heap-based buffer overflow
     - debian/patches/CVE-2020-25665.patch: Expand virtual memory allocation
       by 256 bytes
     - CVE-2020-25665
   * SECURITY UPDATE: Heap-based buffer overflow
     - debian/patches/CVE-2020-25674.patch: Properly calculate upper limit
       for color loop
     - CVE-2020-25674
   * SECURITY UPDATE: Signed integer overflows
     - debian/patches/CVE-2020-25676.patch: Constrain pixel offsets
       in magick/pixel.c
     - CVE-2020-25676
   * SECURITY UPDATE: Division by zero
     - debian/patches/CVE-2020-27750.patch: Replace division by multiplication
       in magick/colorspace-private.h
     - CVE-2020-27750
   * SECURITY UPDATE: Memory leaks
     - debian/patches/CVE-2020-27753.patch: Fix memory handling
       in coders/miff.c
     - CVE-2020-27753
   * SECURITY UPDATE: Division by zero
     - debian/patches/CVE-2020-27760.patch: Fix division by zeros
       in magick/enhance.c
     - CVE-2020-27760
   * SECURITY UPDATE: Outside the range of representable values
     - debian/patches/CVE-2020-27762.patch: Adds consistency checks
       in coders/hdr.c
     - CVE-2020-27762
   * SECURITY UPDATE: Unsigned int overflow
     - debian/patches/CVE-2020-27770.patch: Guard against underflow when
       decrement value in magick/string.c
     - CVE-2020-27770

Updated packages:

imagemagick_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:6f6506f00864fe57341900bdbcea0802039605e1
imagemagick-6.q16_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:188445b562fb794919093fa3408f7576ac95c749
imagemagick-common_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:47a1cc1f02c38467c052bf09a51deccd63cfb761
imagemagick-doc_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:6777baac1a11405af6bcd10a8efd807d1c49f9ac
libimage-magick-perl_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:23c24dc35fe268e3c73b4a6fb2cfc031092e7a71
libimage-magick-q16-perl_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:6f31c040f168a67003e0c0d6d393e5d7b8b7874b
libmagick++-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:e8733b8a52b4e5476a8d5dc97d241f2f40c2f524
libmagick++-6.q16-5v5_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:7335a538b55f98fa0c5cd119ca471be22d94504b
libmagick++-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:e4f86790e23ee44c4bc1f98752753a843e2e6b4e
libmagick++-dev_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:c15c3cf6b21e98b63d3c536246c34f3be2210d28
libmagickcore-6-arch-config_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:2c76f7e6edd7b994d168b094d850f574979c5123
libmagickcore-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:11d955d860c946753d1ede8f9c039b229bc9b04c
libmagickcore-6.q16-2_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:82173437aad7e472196d185350e70324c307a2e8
libmagickcore-6.q16-2-extra_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:255a2247255f6d9006ec46cb0ec70be0021c33e8
libmagickcore-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:65f57ff544a428bf45e310a28f4dbb81b744ed93
libmagickcore-dev_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:17c8036d1ac7ceb0b9f00edeb01da132eccddbc4
libmagickwand-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:498f99ed864b926240f79d3e11eecf0475eb17e4
libmagickwand-6.q16-2_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:0ca2a7533d1a6d7159631a4c88b84cce4fde143c
libmagickwand-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els2_amd64.deb
sha:019d1a7dcd0c77b72edd88676e445e694fd68923
libmagickwand-dev_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:33403f199aec61c5da62a61046248150e969908b
perlmagick_6.8.9.9-7ubuntu5.17+tuxcare.els2_all.deb
sha:c56c885de9d0cf0633de16e9cc21085c61afceb4

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.