Updated imagemagick packages fix security vulnerability
Publication date: 16 Jun 2018Modification date: 16 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-9018
Description
Imagemagick has been updated to version 6.9.10.0 to fix several bugs and
possible security issues.
- Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts
- Missing break when checking "compliance" element.
- Fixed errant 'not enough pixel data'
- Fixed memory corruption for MVG paths
- A SVG rectangle with a width and height of 1, is a point
- Properly initialize SVG color style
- Heap buffer overflow fix
References
- https://bugs.mageia.org/show_bug.cgi?id=23156
- https://lists.opensuse.org/opensuse-updates/2018-05/msg00026.html
- https://www.debian.org/security/2018/dsa-4204
- https://usn.ubuntu.com/3681-1/
- https://legacy.imagemagick.org/script/changelog.php
- https://github.com/ImageMagick/ImageMagick/issues/1133
- https://github.com/ImageMagick/ImageMagick/issues/1156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9018
SRPMS
6/core
- imagemagick-6.9.10.0-1.mga6