Advisories » MGASA-2021-0156

Updated imagemagick packages fix security vulnerabilities

Publication date: 27 Mar 2021
Modification date: 28 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-20241 , CVE-2021-20243 , CVE-2021-20244 , CVE-2021-20246

Description

A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits 
a crafted file that is processed by ImageMagick could trigger undefined 
behavior in the form of math division by zero. The highest threat from 
this vulnerability is to system availability (CVE-2021-20241).

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits
a crafted file that is processed by ImageMagick could trigger undefined
behavior in the form of math division by zero. The highest threat from
this vulnerability is to system availability (CVE-2021-20243).

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who
submits a crafted file that is processed by ImageMagick could trigger undefined
behavior in the form of math division by zero. The highest threat from this
vulnerability is to system availability (CVE-2021-20244).

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who
submits a crafted file that is processed by ImageMagick could trigger undefined
behavior in the form of math division by zero. The highest threat from this
vulnerability is to system availability (CVe-2021-20246).

Note that abydos, blender, converseen, cuneiform-linux, digikam, kxxstich,
libopenshot, pfstools, php-imagick, spectacle, synfig, xine-lib1.2, mgba,
windowmaker, zbar and transcode (and tainted conter-parts) have been rebuilt.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28462
• https://lists.suse.com/pipermail/sle-security-updates/2021-February/008374.html
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6SG6MVYKVW7O5POXSG4CGOWDIOAZCWWT/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20241
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20243
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20244
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20246

SRPMS

7/tainted

• imagemagick-7.0.10.62-1.mga7.tainted
• abydos-0.1.3-2.2.mga7.tainted
• transcode-1.1.7-23.2.mga7.tainted
• xine-lib1.2-1.2.9-9.2.mga7.tainted

7/core

• imagemagick-7.0.10.62-1.mga7
• abydos-0.1.3-2.2.mga7
• blender-2.79b-14.git20190504.2.mga7
• converseen-0.9.7.2-2.2.mga7
• cuneiform-linux-1.1.0-15.1.mga7
• digikam-6.1.0-4.1.mga7
• kxstitch-2.1.1-5.1.mga7
• libopenshot-2.4.4-2.2.mga7
• pfstools-2.1.0-13.2.mga7
• php-imagick-3.4.4-1.2.mga7
• pythonmagick-0.9.19-4.1.mga7
• spectacle-19.04.0-1.1.mga7
• synfig-1.2.2-1.2.mga7
• xine-lib1.2-1.2.9-9.2.mga7
• sk1-2.0-0.rc3.5.2.mga7
• uniconvertor-2.0-0.1.rc3_20171226.2.2.mga7
• mgba-0.6.3-5.2.mga7
• windowmaker-0.95.8-5.1.mga7
• zbar-0.23-1.1.mga7

8/core

• imagemagick-7.0.10.62-1.mga8
• abydos-0.2.3-4.1.mga8
• blender-2.83.10-3.1.mga8
• converseen-0.9.8.1-4.1.mga8
• cuneiform-linux-1.1.0-18.1.mga8
• digikam-7.1.0-4.1.mga8
• kxstitch-2.2.0-4.1.mga8
• libopenshot-0.2.5-5.1.mga8
• pfstools-2.1.0-20.1.mga8
• php-imagick-3.4.5-0.git20201230.2.1.mga8
• pythonmagick-0.9.19-10.1.mga8
• spectacle-20.12.0-2.1.mga8
• synfig-1.2.2-11.1.mga8
• xine-lib1.2-1.2.11-1.1.mga8
• mgba-0.8.4-1.1.mga8
• windowmaker-0.95.9-3.1.mga8
• zbar-0.23.1-5.1.mga8

8/tainted

• imagemagick-7.0.10.62-1.mga8.tainted
• abydos-0.2.3-4.1.mga8.tainted
• transcode-1.1.7-29.1.mga8.tainted
• xine-lib1.2-1.2.11-1.1.mga8.tainted