10 Debian package update(s) for quigon.federez.net - Monitoring

19 Jul 2017

apticron report [Wed, 19 Jul 2017 01:38:06 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
        quigon.federez.net
        [ 160.228.155.65 ]
The following packages are currently pending an upgrade:
        apache2 2.4.25-3+deb9u2
        apache2-bin 2.4.25-3+deb9u2
        apache2-data 2.4.25-3+deb9u2
        apache2-utils 2.4.25-3+deb9u2
        imagemagick 8:6.9.7.4+dfsg-11+deb9u1
        imagemagick-6-common 8:6.9.7.4+dfsg-11+deb9u1
        imagemagick-6.q16 8:6.9.7.4+dfsg-11+deb9u1
        libmagickcore-6.q16-3 8:6.9.7.4+dfsg-11+deb9u1
        libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-11+deb9u1
        libmagickwand-6.q16-3 8:6.9.7.4+dfsg-11+deb9u1
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour imagemagick (imagemagick imagemagick-6-common imagemagick-6.q16
libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickwand-6.q16-3) ---
imagemagick (8:6.9.7.4+dfsg-11+deb9u1) stretch-security; urgency=high
  * Fix security bugs:
    +  Previous CVE-2017-9144 fix was incomplete.
       A crafted RLE image can trigger a crash because of incorrect
       EOF handling in coders/rle.c
       (Closes: #863126)
    +  CVE-2017-10928:
       A heap-based buffer over-read in the GetNextToken
       function in token.c allows remote attackers to obtain
       sensitive information from process memory or possibly have
       unspecified other impact via a crafted SVG document
       that is mishandled in the GetUserSpaceCoordinateValue
       function in coders/svg.c.
       (Closes: #867367).
     + CVE-2017-9500:
       An assertion failure was found in the function
       ResetImageProfileIterator, which allows attackers to cause
       a denial of service via a crafted file.
       (Closes: #867778).
     + CVE-2017-9501:
       An assertion failure was found in the function LockSemaphoreInfo,
       which allows attackers to cause a denial of service via a crafted
       file.
       (Closes: #867721).
     + CVE-2017-9440:
       A memory leak was found in the function ReadPSDChannel
       in coders/psd.c, which allows attackers to cause a denial
       of service via a crafted file.
       (Closes: 864273).
     + CVE-2017-9439:
       A memory leak was found in the function ReadPDBImage in
       coders/pdb.c, which allows attackers to cause a denial of
       service via a crafted file.
       (Closes: #864274).
     + CVE-2017-11188: CPU exhaustion in ReadDPXImage
       Because dpx.file.image_offset is a unsigned int, it can be controlled
       as large as 4294967295.
       This will cause ImageMagick spend a lot of time to process a crafted
       DPX imagefile, even if the imagefile is very small.
       (Closes: #867806)
     + CVE-2017-11141: memory exhaustion in ReadMATImage
       When identify MAT file, imagemagick will allocate memory to store data
       in function ReadMATImage.
       Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
       a anysize amount of memory, this may cause a memory exhaustion
       (Closes: #868264)
     + CVE-2017-11170: memory exhaustion in ReadTGAImage
       When identify VST file, imagemagick will allocate memory to store
       data in function ReadTGAImage in coders/tga.c
       using tga_info.bits_per_pixel field diretly from VST file without
       checking in tga.c
       By review the founction code, tga_info.bits_per_pixel max valid
       value is 32.
       On 32bit os, size_t one will be 32bit, so image->colors can be
       overflow to 0.
       On 64bit os, size_t one will be 64bit, so image->colors
       can be large as 0x100000000(64GB).
       (Closes: #868184)
     + Memory exhaustion in ReadCINImage
       When identify CIN file that contains User defined data,
       imagemagick will allocate memory to store the
       data in function ReadCINImage in coders\inc.c
       There is a security checking in the function SetImageExtent,
       but it after memory allocation, so IM can not control the memory usage
       (Closes: #867810)
     + CPU exhaustion in ReadRLEImage
       A corrupted rle file could trigger a DOS
       (Closes: #867808)
     + Memory leak in ReadDIBImage in dib.c
       The ReadDIBImage function in dib.c allows attackers
       to cause a denial of service (memory leak)
       via a small crafted dib file.
       (Closes: #867811)
     + Memory exhaustion in ReadDPXImage in dpx.c
       When identify DPX file that contains user header data,
       imagemagick will allocate memory to store the data in function
       ReadDPXImage in coders\dpx.c
       There is a security checking in the function SetImageExtent,
       but it is too late, so IM can not control the memory usage.
       (Closes: #867812)
     + Enable heap overflow check for stdin for mpc files
       Enabling seekable streams is required to ensure checking
       the blob size works when an image is streamed on stdin.
       (Closes: #867896)
     + Assertion failure in WriteBlob
       A crafted file revealed an assertion failure in blob.c.
       (Closes: #867798)
     + Memory exhaustion in ReadEPTImage in ept.c
       When identify EPT file , imagemagick will allocate memory
       to store the data.
       There is a security checking in the function SetImageExtent,
       but it is not used in the allocation function,
       so IM can not control the memory usage.
       (Closes: #867821)
     + CPU exhaustion in ReadOneJNGImage
       Due to lack of validation of PNG format, imagemagick could loop
       2^32 in a CPU intensive loop.
       (Closes:  #867824, #867825).
     + CPU exhaustion in ReadOneDJVUImag
       Due to lack of format validation, a crafted file will cause a
       loop to run endless.
       (Closes: #867826).
     + Zero pixel buffer
       Avoid a data leak in case of incorrect file by clearing a buffer
       (Closes: #867893).
     + memory leak in ReadMATImage in mat.c
       The ReadMATImage function in mat.c allows attackers to cause a
       denial of service (memory leak) via a small crafted mat file.
       (Closes: #867823).
     + Avoid heap based overflow for jpeg
       A corrupted jpeg file could trigger an heap overflow
       (Closes: #867894).
     + Fix a memory leak in screenshot coder
       (Closes: #867897)
 -- Bastien Roucariès &lt;rouca(a)debian.org&gt;  Fri, 14 Jul 2017 15:56:50 +0200
--- Modifications pour apache2 (apache2 apache2-bin apache2-data apache2-utils) ---
apache2 (2.4.25-3+deb9u2) stretch-security; urgency=medium
  * CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory
 -- Stefan Fritsch &lt;sf(a)debian.org&gt;  Tue, 18 Jul 2017 20:37:33 +0200
========================================================================
You can perform the upgrade by issuing the command:
        apt-get dist-upgrade
as root on quigon.federez.net
--
apticron