   openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:0087-1
Rating:             moderate
References:         #1047044 #1049373 #1050129 #1051412 #1052468 #1052710
                    #1052720 #1052731 #1055065 #1055434 #1058640 #1067177
                    #1074123 #1074975
Cross-References:   CVE-2017-10800 CVE-2017-11449 CVE-2017-11532
                    CVE-2017-12564 CVE-2017-12670 CVE-2017-12672
                    CVE-2017-12675 CVE-2017-13060 CVE-2017-13648
                    CVE-2017-14326 CVE-2017-16547 CVE-2017-17881
                    CVE-2017-18022
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has one errata
   is now available.

Description:

   This update for GraphicsMagick fixes the following issues:

   Security issues fixed:

   - CVE-2017-12672: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1052720)
   - CVE-2017-13060: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1055065)
   - CVE-2017-12670: Specially crafted MAT images may lead to an assertion
     failure and DoS (bsc#1052731)
   - CVE-2017-10800: Specially crafted MAT images may lead to memory denial
     of service (bsc#1047044)
   - CVE-2017-13648: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1055434)
   - CVE-2017-12564: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1052468)
   - CVE-2017-12675: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1052710)
   - CVE-2017-14326: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1058640)
   - CVE-2017-17881: Memory leak vulnerability allowed DoS via MAT image
     files (bsc#1074123)
   - CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 remote
     denial of service (boo#1049373)
   - CVE-2017-11532: Memory Leak in WriteMPCImage() in coders/mpc.c
     (boo#1050129)
   - CVE-2017-16547: Incorrect memory management in DrawImage function in
     magick/render.c could lead to denial of service (boo#1067177)
   - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand
     in MagickWand/montage.c (bsc#1074975)
   - Memory leak in pwp.c (boo#1051412)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2018-35=1

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2018-35=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.3 (i586 x86_64):

      GraphicsMagick-1.3.25-57.1
      GraphicsMagick-debuginfo-1.3.25-57.1
      GraphicsMagick-debugsource-1.3.25-57.1
      GraphicsMagick-devel-1.3.25-57.1
      libGraphicsMagick++-Q16-12-1.3.25-57.1
      libGraphicsMagick++-Q16-12-debuginfo-1.3.25-57.1
      libGraphicsMagick++-devel-1.3.25-57.1
      libGraphicsMagick-Q16-3-1.3.25-57.1
      libGraphicsMagick-Q16-3-debuginfo-1.3.25-57.1
      libGraphicsMagick3-config-1.3.25-57.1
      libGraphicsMagickWand-Q16-2-1.3.25-57.1
      libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-57.1
      perl-GraphicsMagick-1.3.25-57.1
      perl-GraphicsMagick-debuginfo-1.3.25-57.1

   - openSUSE Leap 42.2 (i586 x86_64):

      GraphicsMagick-1.3.25-11.60.1
      GraphicsMagick-debuginfo-1.3.25-11.60.1
      GraphicsMagick-debugsource-1.3.25-11.60.1
      GraphicsMagick-devel-1.3.25-11.60.1
      libGraphicsMagick++-Q16-12-1.3.25-11.60.1
      libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.60.1
      libGraphicsMagick++-devel-1.3.25-11.60.1
      libGraphicsMagick-Q16-3-1.3.25-11.60.1
      libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.60.1
      libGraphicsMagick3-config-1.3.25-11.60.1
      libGraphicsMagickWand-Q16-2-1.3.25-11.60.1
      libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.60.1
      perl-GraphicsMagick-1.3.25-11.60.1
      perl-GraphicsMagick-debuginfo-1.3.25-11.60.1

References:

   https://www.suse.com/security/cve/CVE-2017-10800.html
   https://www.suse.com/security/cve/CVE-2017-11449.html
   https://www.suse.com/security/cve/CVE-2017-11532.html
   https://www.suse.com/security/cve/CVE-2017-12564.html
   https://www.suse.com/security/cve/CVE-2017-12670.html
   https://www.suse.com/security/cve/CVE-2017-12672.html
   https://www.suse.com/security/cve/CVE-2017-12675.html
   https://www.suse.com/security/cve/CVE-2017-13060.html
   https://www.suse.com/security/cve/CVE-2017-13648.html
   https://www.suse.com/security/cve/CVE-2017-14326.html
   https://www.suse.com/security/cve/CVE-2017-16547.html
   https://www.suse.com/security/cve/CVE-2017-17881.html
   https://www.suse.com/security/cve/CVE-2017-18022.html
   https://bugzilla.suse.com/1047044
   https://bugzilla.suse.com/1049373
   https://bugzilla.suse.com/1050129
   https://bugzilla.suse.com/1051412
   https://bugzilla.suse.com/1052468
   https://bugzilla.suse.com/1052710
   https://bugzilla.suse.com/1052720
   https://bugzilla.suse.com/1052731
   https://bugzilla.suse.com/1055065
   https://bugzilla.suse.com/1055434
   https://bugzilla.suse.com/1058640
   https://bugzilla.suse.com/1067177
   https://bugzilla.suse.com/1074123
   https://bugzilla.suse.com/1074975