Updated imagemagick packages fix security vulnerabilities
Publication date: 27 Mar 2021
Modification date: 28 Jun 2021
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-20241, CVE-2021-20243, CVE-2021-20244, CVE-2021-20246
Description
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20241).

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20243).

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20244).

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability (CVE-2021-20246).

Note that abydos, blender, converseen, cuneiform-linux, digikam, kxstitch, libopenshot, pfstools, php-imagick, spectacle, synfig, xine-lib1.2, mgba, windowmaker, zbar and transcode (and their tainted counterparts) have been rebuilt.
References
- https://bugs.mageia.org/show_bug.cgi?id=28462
- https://lists.suse.com/pipermail/sle-security-updates/2021-February/008374.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6SG6MVYKVW7O5POXSG4CGOWDIOAZCWWT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20241
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20244
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20246
SRPMS
8/core
- imagemagick-7.0.10.62-1.mga8
- abydos-0.2.3-4.1.mga8
- blender-2.83.10-3.1.mga8
- converseen-0.9.8.1-4.1.mga8
- cuneiform-linux-1.1.0-18.1.mga8
- digikam-7.1.0-4.1.mga8
- kxstitch-2.2.0-4.1.mga8
- libopenshot-0.2.5-5.1.mga8
- pfstools-2.1.0-20.1.mga8
- php-imagick-3.4.5-0.git20201230.2.1.mga8
- pythonmagick-0.9.19-10.1.mga8
- spectacle-20.12.0-2.1.mga8
- synfig-1.2.2-11.1.mga8
- xine-lib1.2-1.2.11-1.1.mga8
- mgba-0.8.4-1.1.mga8
- windowmaker-0.95.9-3.1.mga8
- zbar-0.23.1-5.1.mga8
8/tainted
- imagemagick-7.0.10.62-1.mga8.tainted
- abydos-0.2.3-4.1.mga8.tainted
- transcode-1.1.7-29.1.mga8.tainted
- xine-lib1.2-1.2.11-1.1.mga8.tainted
7/core
- imagemagick-7.0.10.62-1.mga7
- abydos-0.1.3-2.2.mga7
- blender-2.79b-14.git20190504.2.mga7
- converseen-0.9.7.2-2.2.mga7
- cuneiform-linux-1.1.0-15.1.mga7
- digikam-6.1.0-4.1.mga7
- kxstitch-2.1.1-5.1.mga7
- libopenshot-2.4.4-2.2.mga7
- pfstools-2.1.0-13.2.mga7
- php-imagick-3.4.4-1.2.mga7
- pythonmagick-0.9.19-4.1.mga7
- spectacle-19.04.0-1.1.mga7
- synfig-1.2.2-1.2.mga7
- xine-lib1.2-1.2.9-9.2.mga7
- sk1-2.0-0.rc3.5.2.mga7
- uniconvertor-2.0-0.1.rc3_20171226.2.2.mga7
- mgba-0.6.3-5.2.mga7
- windowmaker-0.95.8-5.1.mga7
- zbar-0.23-1.1.mga7
7/tainted
- imagemagick-7.0.10.62-1.mga7.tainted
- abydos-0.1.3-2.2.mga7.tainted
- transcode-1.1.7-23.2.mga7.tainted
- xine-lib1.2-1.2.9-9.2.mga7.tainted