Advisories ยป MGASA-2016-0257

Updated imagemagick packages fix security vulnerabilities

Publication date: 19 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5118 , CVE-2016-5841 , CVE-2016-5842


Updated imagemagick package fixes security vulnerabilities:

The OpenBlob function in blob.c in ImageMagick allows remote attackers to
execute arbitrary code via a | (pipe) character at the start of a filename

Integer overflow in MagickCore/profile.c (CVE-2016-5841).

Buffer overread in MagickCore/property.c (CVE-2016-5842).

Also, several packages have been rebuilt to use the updated Magick++-6.Q16
library.  These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2,
kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit,
pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.