Release Info

Advisory: CLSA-2021:1635459194

OS: Ubuntu 16.04 ELS

Public date: 2021-10-28 00:00:00

Project: imagemagick

Version: 8:6.8.9.9-7ubuntu5.17

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1635459194.html

Changelog

* SECURITY UPDATE: undefined behavior - debian/patches/CVE-2020-27766.patch: fix undefined behavior in the form of values outside the range of 'unsigned long' type. - CVE-2020-27766 * SECURITY UPDATE: division by zero - debian/patches/CVE-2021-*.patch: fix potential division by zero in many places. - CVE-2021-20176, CVE-2021-20241, CVE-2021-20243, CVE-2021-20244, CVE-2021-20246, CVE-2021-20309, CVE-2021-20311 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2021-20312.patch: fix potential integer overflow in coders/thumbnail.c which can affect system availability. - CVE-2021-20312 * SECURITY UPDATE: data leak - debian/patches/CVE-2021-20313.patch: ensure memory is always zeroed in magick/memory.c. - CVE-2021-20313

Update

Packages list

imagemagick_6.8.9.9-7ubuntu5.17_amd64.deb imagemagick-6.q16_6.8.9.9-7ubuntu5.17_amd64.deb imagemagick-common_6.8.9.9-7ubuntu5.17_all.deb imagemagick-doc_6.8.9.9-7ubuntu5.17_all.deb libimage-magick-perl_6.8.9.9-7ubuntu5.17_all.deb libimage-magick-q16-perl_6.8.9.9-7ubuntu5.17_amd64.deb libmagick++-6-headers_6.8.9.9-7ubuntu5.17_all.deb libmagick++-6.q16-5v5_6.8.9.9-7ubuntu5.17_amd64.deb libmagick++-6.q16-dev_6.8.9.9-7ubuntu5.17_amd64.deb libmagick++-dev_6.8.9.9-7ubuntu5.17_all.deb libmagickcore-6-arch-config_6.8.9.9-7ubuntu5.17_amd64.deb libmagickcore-6-headers_6.8.9.9-7ubuntu5.17_all.deb libmagickcore-6.q16-2_6.8.9.9-7ubuntu5.17_amd64.deb libmagickcore-6.q16-2-extra_6.8.9.9-7ubuntu5.17_amd64.deb libmagickcore-6.q16-dev_6.8.9.9-7ubuntu5.17_amd64.deb libmagickcore-dev_6.8.9.9-7ubuntu5.17_all.deb libmagickwand-6-headers_6.8.9.9-7ubuntu5.17_all.deb libmagickwand-6.q16-2_6.8.9.9-7ubuntu5.17_amd64.deb libmagickwand-6.q16-dev_6.8.9.9-7ubuntu5.17_amd64.deb libmagickwand-dev_6.8.9.9-7ubuntu5.17_all.deb perlmagick_6.8.9.9-7ubuntu5.17_all.deb

CVEs

CVE-2021-20311
CVE-2021-20241
CVE-2021-20244
CVE-2021-20309
CVE-2021-20246
CVE-2021-20312
CVE-2021-20176
CVE-2021-20243
CVE-2020-27766
CVE-2021-20313