openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1295-1 Rating: moderate References: #1132053 #1132054 #1132055 #1132058 #1132060 #1132061 Cross-References: CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Affected Products: openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DOS or an unspecified impact (boo#1132058) - CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or information disclosure (boo#1132061) - CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that which allowed attackers to cause DOS via a crafted image file (boo#1132055) - CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c that which allowed attackers to cause a denial of service or information disclosure (boo#1132060) - CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c that which allowed remote attackers to cause DOS or other unspecified impact (boo#1132054) - CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS or information disclosure (boo#1132053) This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-1295=1 Package List: - openSUSE Backports SLE-15 (x86_64): GraphicsMagick-1.3.29-bp150.2.18.1 GraphicsMagick-devel-1.3.29-bp150.2.18.1 libGraphicsMagick++-Q16-12-1.3.29-bp150.2.18.1 libGraphicsMagick++-devel-1.3.29-bp150.2.18.1 libGraphicsMagick-Q16-3-1.3.29-bp150.2.18.1 libGraphicsMagick3-config-1.3.29-bp150.2.18.1 libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.18.1 perl-GraphicsMagick-1.3.29-bp150.2.18.1 References: https://www.suse.com/security/cve/CVE-2019-11005.html https://www.suse.com/security/cve/CVE-2019-11006.html https://www.suse.com/security/cve/CVE-2019-11007.html https://www.suse.com/security/cve/CVE-2019-11008.html https://www.suse.com/security/cve/CVE-2019-11009.html https://www.suse.com/security/cve/CVE-2019-11010.html https://bugzilla.suse.com/1132053 https://bugzilla.suse.com/1132054 https://bugzilla.suse.com/1132055 https://bugzilla.suse.com/1132058 https://bugzilla.suse.com/1132060 https://bugzilla.suse.com/1132061 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org