openSUSE-SU-2018:0218-1: moderate: Security update for GraphicsMagick
openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:0218-1
Rating: moderate
References: #1043353 #1043354 #1051442 #1052708 #1052717
#1052777 #1054600 #1055374 #1055455 #1057000
#1062752
Cross-References: CVE-2017-11750 CVE-2017-12641 CVE-2017-12673
CVE-2017-12676 CVE-2017-12935 CVE-2017-13142
CVE-2017-13147 CVE-2017-14103 CVE-2017-15218
CVE-2017-9261 CVE-2017-9262
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
attackers to cause a denial of service (memory leak) via a crafted file
(bsc#1043353)
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
attackers to cause a denial of service (memory leak) via a crafted file
(bsc#1043354)
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
remote attackers to cause a denial of service (NULL pointer dereference)
via a crafted file (bsc#1051442)
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052708)
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052717)
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
in coders/png.c (bsc#1052777)
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
large MNG images, leading to an invalid memory read in the
SetImageColorCallBack function in magick/image.c (bsc#1054600)
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
in coders/png.c when a small MNG file has a MEND chunk with a large
length value (bsc#1055374)
- CVE-2017-13142: Added additional checks for short files to prevent a
crafted PNG file from triggering a crash (bsc#1055455)
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
coders/png.c did not properly manage image pointers after certain error
conditions, which allowed remote attackers to conduct use-after-free
attacks via a crafted file, related to a ReadMNGImage out-of-order
CloseBlob call (bsc#1057000)
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
(bsc#1062752)
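
The CVE-2017-13147 entry above describes a small MNG file whose MEND chunk declares a large length. The following is an added example, not GraphicsMagick's code and not the fix shipped in this update: a chunk walker in C that bounds each declared length by the bytes actually present before anything is allocated or read. The name walk_chunks, the result codes and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not GraphicsMagick's). */
enum { CHUNKS_OK = 0, CHUNKS_TRUNCATED = -1, CHUNKS_BAD_LENGTH = -2 };

/* Constructed samples; the 4 CRC bytes are placeholders and are not verified. */
static const unsigned char sample_ok[] = {
    0, 0, 0, 2, 't', 'E', 'S', 't', 0xAA, 0xBB, 0, 0, 0, 0,
    0, 0, 0, 0, 'M', 'E', 'N', 'D', 0, 0, 0, 0 };
static const unsigned char sample_big_mend[] = {
    0x7f, 0xff, 0xff, 0xff, 'M', 'E', 'N', 'D', 0, 0, 0, 0 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunks that follow the 8-byte signature. Each chunk is a 4-byte
 * big-endian length, a 4-byte type, the data, and a 4-byte CRC. */
int walk_chunks(const unsigned char *buf, size_t len, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (len - off >= 8) {
        uint32_t clen = be32(buf + off);
        size_t remaining = len - off - 8;   /* bytes after length + type */
        /* The declared length comes from the file: bound it by the bytes
         * actually present (data + CRC) before allocating or reading. */
        if (remaining < 4 || clen > remaining - 4)
            return CHUNKS_BAD_LENGTH;
        (*count)++;
        if (memcmp(buf + off + 4, "MEND", 4) == 0)
            return CHUNKS_OK;               /* end of MNG stream */
        off += 8 + (size_t)clen + 4;
    }
    return CHUNKS_TRUNCATED;                /* ran out before MEND */
}

int main(void)
{
    size_t n;
    printf("ok sample: %d\n", walk_chunks(sample_ok, sizeof sample_ok, &n));
    printf("large MEND: %d\n",
           walk_chunks(sample_big_mend, sizeof sample_big_mend, &n));
    return 0;
}
```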


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-88=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2018-88=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-60.1
GraphicsMagick-debuginfo-1.3.25-60.1
GraphicsMagick-debugsource-1.3.25-60.1
GraphicsMagick-devel-1.3.25-60.1
libGraphicsMagick++-Q16-12-1.3.25-60.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-60.1
libGraphicsMagick++-devel-1.3.25-60.1
libGraphicsMagick-Q16-3-1.3.25-60.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-60.1
libGraphicsMagick3-config-1.3.25-60.1
libGraphicsMagickWand-Q16-2-1.3.25-60.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-60.1
perl-GraphicsMagick-1.3.25-60.1
perl-GraphicsMagick-debuginfo-1.3.25-60.1

- openSUSE Leap 42.2 (i586 x86_64):

GraphicsMagick-1.3.25-11.63.1
GraphicsMagick-debuginfo-1.3.25-11.63.1
GraphicsMagick-debugsource-1.3.25-11.63.1
GraphicsMagick-devel-1.3.25-11.63.1
libGraphicsMagick++-Q16-12-1.3.25-11.63.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.63.1
libGraphicsMagick++-devel-1.3.25-11.63.1
libGraphicsMagick-Q16-3-1.3.25-11.63.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.63.1
libGraphicsMagick3-config-1.3.25-11.63.1
libGraphicsMagickWand-Q16-2-1.3.25-11.63.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.63.1
perl-GraphicsMagick-1.3.25-11.63.1
perl-GraphicsMagick-debuginfo-1.3.25-11.63.1


References:

https://www.suse.com/security/cve/CVE-2017-11750.html
https://www.suse.com/security/cve/CVE-2017-12641.html
https://www.suse.com/security/cve/CVE-2017-12673.html
https://www.suse.com/security/cve/CVE-2017-12676.html
https://www.suse.com/security/cve/CVE-2017-12935.html
https://www.suse.com/security/cve/CVE-2017-13142.html
https://www.suse.com/security/cve/CVE-2017-13147.html
https://www.suse.com/security/cve/CVE-2017-14103.html
https://www.suse.com/security/cve/CVE-2017-15218.html
https://www.suse.com/security/cve/CVE-2017-9261.html
https://www.suse.com/security/cve/CVE-2017-9262.html
https://bugzilla.suse.com/1043353
https://bugzilla.suse.com/1043354
https://bugzilla.suse.com/1051442
https://bugzilla.suse.com/1052708
https://bugzilla.suse.com/1052717
https://bugzilla.suse.com/1052777
https://bugzilla.suse.com/1054600
https://bugzilla.suse.com/1055374
https://bugzilla.suse.com/1055455
https://bugzilla.suse.com/1057000
https://bugzilla.suse.com/1062752

