Debian 10225 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1131-1: imagemagick security update

Debian GNU/Linux 8 and 9:
DSA 3995-1: libxfont security update

Debian GNU/Linux 9:
DSA 3996-1: ffmpeg security update



DLA 1131-1: imagemagick security update

Package : imagemagick
Version : 8:6.7.7.10-5+deb7u17
CVE ID : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875
CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060
CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175
CVE-2017-14224 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400
CVE-2017-14505 CVE-2017-14607 CVE-2017-14682 CVE-2017-14739
CVE-2017-14741 CVE-2017-14989 CVE-2017-15016 CVE-2017-15017
Debian Bug : 873871 875338 875339 875341 875352 875502 875503 875504
875506 876097 876099 876105 876488


This updates fixes numerous vulnerabilities in imagemagick: Various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure, or the
execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,
PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types
of files are processed.

For Debian 7 "Wheezy", these problems have been fixed in version
8:6.7.7.10-5+deb7u17.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




DSA 3995-1: libxfont security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-3995-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxfont
CVE ID : CVE-2017-13720 CVE-2017-13722

Two vulnerabilities were found in libXfont, the X11 font rasterisation
library, which could result in denial of service or memory disclosure.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:1.5.1-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:2.0.1-3+deb9u1.

We recommend that you upgrade your libxfont packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 3996-1: ffmpeg security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-3996-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2017-14054 CVE-2017-14055 CVE-2017-14056
CVE-2017-14057 CVE-2017-14058 CVE-2017-14059
CVE-2017-14169 CVE-2017-14170 CVE-2017-14171
CVE-2017-14222 CVE-2017-14223 CVE-2017-14225
CVE-2017-14767

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS,
Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

For the stable distribution (stretch), these problems have been fixed in
version 7:3.2.8-1~deb9u1.

We recommend that you upgrade your ffmpeg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/