Errata overview
Errata ID: 276
Date: 2018-01-31
Source package: imagemagick
Fixed in version: 8:6.8.9.9-5+deb8u11
Description
This update addresses the following issues:
* There is a crash (rather than a "width or height exceeds limit" error
  report) if the image dimensions are too large, as demonstrated by use of
  the mpc coder. (CVE-2017-13144)
* ImageMagick has an out-of-bounds read vulnerability in ReadOneMNGImage in
  coders/png.c. (CVE-2017-12640)
* When ImageMagick processes a crafted file in convert, it can lead to an
  address access exception in the WritePTIFImage() function in coders/tiff.c.
  (CVE-2017-11640)
* The ReadOneJNGImage function in coders/png.c allows remote attackers to
  cause a denial of service (large loop and CPU consumption) via a malformed
  JNG file. (CVE-2017-11505)
* GetNextToken in MagickCore/token.c allows remote attackers to cause a
  denial of service (heap-based buffer overflow and application crash) or
  possibly have unspecified other impact via a crafted SVG document, a
  different vulnerability than CVE-2017-10928. (CVE-2017-14682)
* The ReadPALMImage function in palm.c allows attackers to cause a denial of
  service (memory leak) via a crafted file. (CVE-2017-9407)
* The ReadICONImage function in icon.c:452 allows attackers to cause a denial
  of service (memory leak) via a crafted file. (CVE-2017-9405)
* The ReadMPCImage function in mpc.c allows attackers to cause a denial of
  service (memory leak) via a crafted file. (CVE-2017-9409)
* The ReadOneMNGImage function in coders/png.c has an out-of-bounds read with
  the MNG CLIP chunk. (CVE-2017-13139)
* The ReadOneDJVUImage function in coders/djvu.c allows remote attackers to
  cause a denial of service (infinite loop and CPU consumption) via a
  malformed DJVU image. (CVE-2017-11478)
* A use-after-free in RenderFreetype in MagickCore/annotate.c allows
  attackers to crash the application via a crafted font file, because the
  FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in
  the ImageMagick code. (CVE-2017-14989)
* The WriteTHUMBNAILImage function in coders/thumbnail.c allows an attacker
  to cause a denial of service (buffer over-read) by sending a crafted JPEG
  file. (CVE-2017-13769)
* A memory leak was found in the function ReadPSDChannel in coders/psd.c,
  which allows attackers to cause a denial of service via a crafted file.
  (CVE-2017-9440)
* The ReadEPTImage function in coders/ept.c allows remote attackers to cause
  a denial of service (memory consumption) via a crafted file.
  (CVE-2017-11530)
* The ReadRLEImage function in coders/rle.c has a large loop vulnerability
  via a crafted rle file that triggers a huge number_pixels value.
  (CVE-2017-11360)
* A memory leak was found in the function ReadPDBImage in coders/pdb.c, which
  allows attackers to cause a denial of service via a crafted file.
  (CVE-2017-9439)
* A use-after-free vulnerability was found in the function ReadWMFImage in
  coders/wmf.c, which allows attackers to cause a denial of service.
  (CVE-2017-12431)
* An assertion failure was found in the function LockSemaphoreInfo, which
  allows attackers to cause a denial of service via a crafted file.
  (CVE-2017-9501)
* There is a heap-based buffer overflow in the TracePoint() function in
  MagickCore/draw.c. (CVE-2017-13758)
* A heap-based buffer over-read in the GetNextToken function in token.c
  allows remote attackers to obtain sensitive information from process memory
  or possibly have unspecified other impact via a crafted SVG document that
  is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
  (CVE-2017-10928)
* The ReadSCREENSHOTImage function in coders/screenshot.c has memory leaks,
  causing denial of service. (CVE-2017-11447)
* coders/mpc.c does not enable seekable streams and thus cannot validate blob
  sizes, which allows remote attackers to cause a denial of service
  (application crash) or possibly have unspecified other impact via an image
  received from stdin. (CVE-2017-11449)
* ReadGIFImage in coders/gif.c leaves the palette uninitialized when
  processing a GIF file that has neither a global nor local palette. If the
  affected product is used as a library loaded into a process that operates
  on interesting data, this data sometimes can be leaked via the
  uninitialized palette. (CVE-2017-15277)
* The ReadDPXImage function in coders/dpx.c has a large loop vulnerability
  that can cause CPU exhaustion via a crafted DPX file, related to lack of an
  EOF check. (CVE-2017-11188)
* Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c
  allows remote attackers to cause a denial of service (application crash) or
  possibly have unspecified other impact via a crafted file. (CVE-2017-12983)
* The ReadDPXImage function in coders/dpx.c allows remote attackers to cause
  a denial of service (memory consumption) via a crafted file.
  (CVE-2017-11527)
* The ReadOneMNGImage function in coders/png.c allows remote attackers to
  cause a denial of service (large loop and CPU consumption) via a crafted
  file. (CVE-2017-11526)
* The ReadCINImage function in coders/cin.c allows remote attackers to cause
  a denial of service (memory consumption) via a crafted file.
  (CVE-2017-11525)
* The WriteBlob function in MagickCore/blob.c allows remote attackers to
  cause a denial of service (assertion failure and application exit) via a
  crafted file. (CVE-2017-11524)
* The ReadMATImage function in coders/mat.c allows remote attackers to cause
  a denial of service (memory leak) via a crafted file. (CVE-2017-11529)
* The ReadDIBImage function in coders/dib.c allows remote attackers to cause
  a denial of service (memory leak) via a crafted file. (CVE-2017-11528)
* A crafted RLE image can trigger a crash because of incorrect EOF handling
  in coders/rle.c. NOTE: this vulnerability exists because of an incomplete
  fix for CVE-2017-9144. (CVE-2017-11352)
* The ReadJPEGImage function in coders/jpeg.c allows remote attackers to
  obtain sensitive information from uninitialized memory locations via a
  crafted file. (CVE-2017-11448)
* A heap-based buffer overflow in WritePCXImage in coders/pcx.c allows remote
  attackers to cause a denial of service or code execution via a crafted
  file. (CVE-2017-14224)
* A heap-based buffer over-read was found in the function SFWScan in
  coders/sfw.c, which allows attackers to cause a denial of service via a
  crafted file. (CVE-2017-13134)
* Use-after-free vulnerability in the DestroyImage function in image.c allows
  remote attackers to cause a denial of service via a crafted file.
  (CVE-2017-12877)
* The ReadTGAImage function in coders/tga.c has a memory leak vulnerability
  that can cause memory exhaustion via invalid colors data in the header of a
  TGA or VST file. (CVE-2017-11170)
* The ReadMATImage function in coders/mat.c has a memory leak vulnerability
  that can cause memory exhaustion via a crafted MAT file, related to
  incorrect ordering of a SetImageExtent call. (CVE-2017-11141)
* coders/jpeg.c allows remote attackers to cause a denial of service
  (application crash) or possibly have unspecified other impact via JPEG data
  that is too short. (CVE-2017-11450)
* The ReadWPGImage function in coders/wpg.c does not properly validate the
  colormap index in a WPG palette, which allows remote attackers to cause a
  denial of service (use of uninitialized data or invalid memory allocation)
  or possibly have unspecified other impact via a malformed WPG file.
  (CVE-2017-16546)
* An out-of-bounds read flaw related to ReadTIFFImage has been reported in
  coders/tiff.c. An attacker could possibly exploit this flaw to disclose
  potentially sensitive memory or cause an application crash.
  (CVE-2017-14607)
* The ReadJNGImage function in coders/png.c allows attackers to cause a
  denial of service (memory leak) via a crafted file. (CVE-2017-9262)
* The ReadMNGImage function in coders/png.c allows attackers to cause a
  denial of service (memory leak) via a crafted file. (CVE-2017-9261)
Additional notes
CVE ID: CVE-2017-13144
CVE-2017-12640
CVE-2017-11640
CVE-2017-11505
CVE-2017-14682
CVE-2017-9407
CVE-2017-9405
CVE-2017-9409
CVE-2017-13139
CVE-2017-11478
CVE-2017-14989
CVE-2017-13769
CVE-2017-9440
CVE-2017-11530
CVE-2017-11360
CVE-2017-9439
CVE-2017-12431
CVE-2017-9501
CVE-2017-13758
CVE-2017-10928
CVE-2017-11447
CVE-2017-11449
CVE-2017-15277
CVE-2017-11188
CVE-2017-12983
CVE-2017-11527
CVE-2017-11526
CVE-2017-11525
CVE-2017-11524
CVE-2017-11529
CVE-2017-11528
CVE-2017-11352
CVE-2017-11448
CVE-2017-14224
CVE-2017-13134
CVE-2017-12877
CVE-2017-11170
CVE-2017-11141
CVE-2017-11450
CVE-2017-16546
CVE-2017-14607
CVE-2017-9262
CVE-2017-9261
CVE-2017-9144
UCS Bug number: #45145