openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0733-1 Rating: moderate References: #1058630 #1059735 #1066168 #1066170 #1082283 #1082291 #1084060 #1084062 #1085233 Cross-References: CVE-2017-14314 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-18220 CVE-2017-18230 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2017-18230: Specially crafted CINEON images may have caused a Null pointer dereference (boo#1085233) - CVE-2017-16353: Specially crafted MIFF images could have allowed for information disclosure (boo#1066170) - CVE-2017-16352: Specially crafted MIFF images may have caused a heap-based buffer overflow (boo#1066168) - CVE-2017-14314: Specially crafted image files may have caused a denial of service (boo#1058630) - CVE-2017-14505: Specially crafted image files may have caused a Null pointer dereference (boo#1059735) - CVE-2017-15016: Specially crafted EMF images may have caused a Null pointer dereference (boo#1082291) - CVE-2017-15017: Specially crafted MSG images may have caused a Null pointer dereference (boo#1082283) - CVE-2017-18219: Specially crafted image files may have been used to cause an application crash (boo#1084060) - CVE-2017-18220: Specially crafted PNG images may have been used to cause a denial of service (boo#1084062) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-283=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): GraphicsMagick-1.3.25-79.1 GraphicsMagick-debuginfo-1.3.25-79.1 GraphicsMagick-debugsource-1.3.25-79.1 GraphicsMagick-devel-1.3.25-79.1 libGraphicsMagick++-Q16-12-1.3.25-79.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.25-79.1 libGraphicsMagick++-devel-1.3.25-79.1 libGraphicsMagick-Q16-3-1.3.25-79.1 libGraphicsMagick-Q16-3-debuginfo-1.3.25-79.1 libGraphicsMagick3-config-1.3.25-79.1 libGraphicsMagickWand-Q16-2-1.3.25-79.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-79.1 perl-GraphicsMagick-1.3.25-79.1 perl-GraphicsMagick-debuginfo-1.3.25-79.1 References: https://www.suse.com/security/cve/CVE-2017-14314.html https://www.suse.com/security/cve/CVE-2017-14505.html https://www.suse.com/security/cve/CVE-2017-15016.html https://www.suse.com/security/cve/CVE-2017-15017.html https://www.suse.com/security/cve/CVE-2017-16352.html https://www.suse.com/security/cve/CVE-2017-16353.html https://www.suse.com/security/cve/CVE-2017-18219.html https://www.suse.com/security/cve/CVE-2017-18220.html https://www.suse.com/security/cve/CVE-2017-18230.html https://bugzilla.suse.com/1058630 https://bugzilla.suse.com/1059735 https://bugzilla.suse.com/1066168 https://bugzilla.suse.com/1066170 https://bugzilla.suse.com/1082283 https://bugzilla.suse.com/1082291 https://bugzilla.suse.com/1084060 https://bugzilla.suse.com/1084062 https://bugzilla.suse.com/1085233