openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1354-1 Rating: moderate References: #1132053 #1132054 #1133202 #1133203 #1133498 #1133501 Cross-References: CVE-2019-11008 CVE-2019-11009 CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2019-11506: Fixed a heap-based buffer overflow in the function WriteMATLABImage (boo#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the function WritePDBImage (boo#1133501). The following fixes where modified and refreshed: - CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage (boo#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage (boo#1132053). - CVE-2019-11473: Fixed an out-of-bounds read leading to a possible denial of service in coders/xwd.c (boo#1133203). - CVE-2019-11474: Fixed a floating-point exception leading to a possible denial of service in coders/xwd.c (boo#1133202). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1354=1 Package List: - openSUSE Leap 15.0 (x86_64): GraphicsMagick-1.3.29-lp150.3.28.1 GraphicsMagick-debuginfo-1.3.29-lp150.3.28.1 GraphicsMagick-debugsource-1.3.29-lp150.3.28.1 GraphicsMagick-devel-1.3.29-lp150.3.28.1 libGraphicsMagick++-Q16-12-1.3.29-lp150.3.28.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.28.1 libGraphicsMagick++-devel-1.3.29-lp150.3.28.1 libGraphicsMagick-Q16-3-1.3.29-lp150.3.28.1 libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.28.1 libGraphicsMagick3-config-1.3.29-lp150.3.28.1 libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.28.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.28.1 perl-GraphicsMagick-1.3.29-lp150.3.28.1 perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.28.1 References: https://www.suse.com/security/cve/CVE-2019-11008.html https://www.suse.com/security/cve/CVE-2019-11009.html https://www.suse.com/security/cve/CVE-2019-11473.html https://www.suse.com/security/cve/CVE-2019-11474.html https://www.suse.com/security/cve/CVE-2019-11505.html https://www.suse.com/security/cve/CVE-2019-11506.html https://bugzilla.suse.com/1132053 https://bugzilla.suse.com/1132054 https://bugzilla.suse.com/1133202 https://bugzilla.suse.com/1133203 https://bugzilla.suse.com/1133498 https://bugzilla.suse.com/1133501 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org