Hi,

imagemagick before 7.0.8-36 (and 6.9.10-36 for mageia 6) is affected by CVE-2019-10649 and CVE-2019-10650.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10650

Best regards,
Nico.
Source RPM: (none) => imagemagick-7.0.8.35-1.mga7.src.rpm
Whiteboard: (none) => MGA6TOO
CVE: (none) => CVE-2019-10649, CVE-2019-10650
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. (CVE-2019-10649)

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10650
========================

Updated packages in core/updates_testing:
========================
imagemagick-6.9.10.36-1.mga6
imagemagick-desktop-6.9.10.36-1.mga6
lib(64)magick-6Q16_6-6.9.10.36-1.mga6
lib(64)magick++-6Q16_8-6.9.10.36-1.mga6
lib(64)magick-devel-6.9.10.36-1.mga6
perl-Image-Magick-6.9.10.36-1.mga6
imagemagick-doc-6.9.10.36-1.mga6

from SRPMS:
imagemagick-6.9.10.36-1.mga6.src.rpm
Version: Cauldron => 6
Source RPM: imagemagick-7.0.8.35-1.mga7.src.rpm => imagemagick-6.9.10.33-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
mga6, x86_64

CVE-2019-10649
https://drive.google.com/file/d/178I9vAWVNgp4Fwn9PZxaVZuLHaJyTPC-/view

$ valgrind --leak-check=full convert view /dev/null
[...]
==14911== ERROR SUMMARY: 34 errors from 34 contexts (suppressed: 0 from 0)

view is an SVG image which displays as a small blank white square.

CVE-2019-10650
https://drive.google.com/file/d/1VPmM34DHDhFYJCMKvRYIAH4iT14hVsOE/view
Leads to heap_buffer_overflow_WriteTIFFImage.tiff

$ convert heap_buffer_overflow_WriteTIFFImage.tiff /dev/null
convert: Invalid TIFF directory; tags are not sorted in ascending order. `TIFFReadDirectoryCheckOrder' @ warning/tiff.c/TIFFWarnings/943.
convert: Too large strip byte count 2130706437, strip 0. Limiting to 4116. `TIFFFillStrip' @ error/tiff.c/TIFFErrors/608.
convert: Read error at scanline 4294967295; got 1168 bytes, expected 4116. `TIFFFillStrip' @ error/tiff.c/TIFFErrors/608.
convert: Invalid TIFF directory; tags are not sorted in ascending order. `TIFFReadDirectoryCheckOrder' @ warning/tiff.c/TIFFWarnings/943.
convert: Unknown field with tag 1024 (0x400) encountered. `TIFFReadDirectory' @ warning/tiff.c/TIFFWarnings/943.
convert: TIFF directory is missing required "StripOffsets" field. `MissingRequired' @ error/tiff.c/TIFFErrors/608.

Updated and ran POC again.
- imagemagick-6.9.10.36-1.mga6.x86_64
- imagemagick-desktop-6.9.10.36-1.mga6.x86_64
- imagemagick-doc-6.9.10.36-1.mga6.noarch
- lib64magick++-6Q16_8-6.9.10.36-1.mga6.x86_64
- lib64magick-6Q16_6-6.9.10.36-1.mga6.x86_64
- lib64magick-devel-6.9.10.36-1.mga6.x86_64
- perl-Image-Magick-6.9.10.36-1.mga6.x86_64

*After updates*

$ valgrind --leak-check=full convert view /dev/null
[...]
==32310== ERROR SUMMARY: 36 errors from 36 contexts (suppressed: 0 from 0)

Error count 2 greater.

$ convert heap_buffer_overflow_WriteTIFFImage.tiff /dev/null

This returned the same information as before so it is likely that the vulnerabilities had already been fixed.

Utility tests later.
CC: (none) => tarazed25
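An added example, not part of the bug report or of ImageMagick itself: a small POSIX shell helper for the before/after valgrind comparison done in comment 2. It parses the ERROR SUMMARY and "definitely lost" lines of a `valgrind --leak-check=full` log so that a leak fix such as CVE-2019-10649 is judged on lost bytes rather than on the total error count, which can rise for unrelated reasons (as it did here, 34 to 36). The sample logs are constructed, and `run_summary` is only a convenience wrapper around the same `convert view /dev/null` invocation used in the comment.

```shell
#!/bin/sh
# Added example (not from the bug report): compare two valgrind
# --leak-check=full runs of the same ImageMagick command on the leak
# metric that matters for a memory-leak CVE, "definitely lost" bytes,
# rather than on the ERROR SUMMARY count alone.

# Read a valgrind log on stdin; print "<error_count> <definitely_lost_bytes>".
valgrind_summary() {
    awk '
        /ERROR SUMMARY:/   { errs = $4 }
        /definitely lost:/ { gsub(",", "", $4); lost = $4 }
        END {
            if (errs == "") errs = 0
            if (lost == "") lost = 0
            print errs, lost
        }'
}

# Run a command under valgrind and print its summary (stdin is /dev/null so
# convert cannot block on input). Example: run_summary convert view /dev/null
run_summary() {
    valgrind --leak-check=full "$@" 2>&1 </dev/null | valgrind_summary
}

# Return 0 if the after-run leaks no more bytes than the before-run.
# Arguments are two summary strings as printed by valgrind_summary.
leak_not_worse() {
    before_lost=${1#* }
    after_lost=${2#* }
    [ "$after_lost" -le "$before_lost" ]
}

# Constructed sample logs (not real output from the runs in the report),
# trimmed to the lines the parser needs.
BEFORE_LOG='==14911== LEAK SUMMARY:
==14911==    definitely lost: 2,048 bytes in 16 blocks
==14911== ERROR SUMMARY: 34 errors from 34 contexts (suppressed: 0 from 0)'
AFTER_LOG='==32310== LEAK SUMMARY:
==32310==    definitely lost: 0 bytes in 0 blocks
==32310== ERROR SUMMARY: 36 errors from 36 contexts (suppressed: 0 from 0)'

if [ "${1:-}" = "--demo" ]; then
    before=$(printf '%s\n' "$BEFORE_LOG" | valgrind_summary)
    after=$(printf '%s\n' "$AFTER_LOG" | valgrind_summary)
    echo "before: $before"; echo "after:  $after"
    leak_not_worse "$before" "$after" && echo "leak metric did not get worse"
fi
```

Run with `--demo` to see the constructed comparison, or replace the sample logs with `run_summary convert <poc-file> /dev/null` before and after installing the update.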
Following on from comment 2:

Ran the usual battery of tests to exercise display, convert, mogrify and identify on local image collection.

$ identify GlenShiel*
GlenShiel_0.jpg JPEG 2048x1536 2048x1536+0+0 8-bit sRGB 1.08993MiB 0.000u 0:00.009
[...]
GlenShiel_9.jpg JPEG 3008x2000 3008x2000+0+0 8-bit sRGB 3.1408MiB 0.000u 0:00.000
GlenShiel_greyscale.tif TIFF 2304x1728 2304x1728+0+0 8-bit Grayscale Gray 3.80156MiB 0.000u 0:00.010

Image conversion and vignetting.
$ convert TatianaMaslany.jpg -background grey44 -vignette 0x5 Maslany.png
$ display Maslany.png

$ identify Ikapati.tif
Ikapati.tif TIFF 1024x1024 1024x1024+0+0 8-bit Grayscale Gray 1.00118MiB 0.000u 0:00.000
$ convert -resize 120%x80% Ikapati.tif ikapati.jpg
$ identify ikapati.jpg
ikapati.jpg JPEG 1229x819 1229x819+0+0 8-bit Gray 256c 365436B 0.000u 0:00.000

$ convert -gravity center -size 480x100 label:"Hello World!" message.png
$ composite message.png SantaMaria.png -stegano +15+2 crater.png
$ display crater.png
Image showed no changes.

Extract message from image:
$ convert -size 480x100+15+2 stegano:crater.png secret.png
$ display secret.png
"Hello World!" on cue.

Modify an image in place. Apply a series of rotations and reflections which restore the image to its original state.
$ mogrify -rotate 270 newbridge.tif
$ mogrify -flip newbridge.tif
$ mogrify -flop newbridge.tif
$ mogrify -rotate -90 newbridge.tif

Create an image.
$ convert -size 60x500 gradient:'#FFF-#0FF' -rotate 90 -set colorspace HSB -colorspace RGB rainbow_2.jpg

Create a panel shaded diagonally from blue to black.
$ convert -size 400x200 xc: -sparse-color barycentric '0,0 skyblue -%w,%h skyblue %w,%h black' diagonal_gradient.jpg

Create a square shaded vertically from tomato-red to blue.
$ convert -size 200x200 gradient:tomato-steelblue gradient_6.jpg

Create a montage consisting of thumbnails of the 10 referenced images.
$ montage -adjoin GlenShiel_?.jpg tenlakes.png
Displayed as thumbnails in rows of four (4,4,2).

$ convert rose: -fill none -stroke navy -strokewidth 11 -draw 'rectangle 0,0 69,45' borderrose.jpg
$ convert LochLubnaig_9.jpg TatianaMaslany.jpg -composite overlay.jpg
$ display overlay.jpg
Shows a smaller image in the top left-hand corner superimposed on a larger image.

Working as well as always. OK for 64-bits.
Whiteboard: (none) => MGA6-64-OK
Sounds good, Len. Validating. Suggested advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0142.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
This update also fixed CVE-2019-9956: https://www.debian.org/security/2019/dsa-4436
CC: (none) => luigiwalser