Mailinglist Archive: opensuse-updates (126 mails)
openSUSE-SU-2018:0218-1: moderate: Security update for GraphicsMagick
- From: opensuse-security@xxxxxxxxxxxx
- Date: Thu, 25 Jan 2018 21:08:06 +0100 (CET)
- Message-id: <20180125200806.B901CFD29@maintenance.suse.de>
openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:0218-1
Rating: moderate
References: #1043353 #1043354 #1051442 #1052708 #1052717
#1052777 #1054600 #1055374 #1055455 #1057000
#1062752
Cross-References: CVE-2017-11750 CVE-2017-12641 CVE-2017-12673
CVE-2017-12676 CVE-2017-12935 CVE-2017-13142
CVE-2017-13147 CVE-2017-14103 CVE-2017-15218
CVE-2017-9261 CVE-2017-9262
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for GraphicsMagick fixes several issues.
These security issues were fixed:
- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
attackers to cause a denial of service (memory leak) via a crafted file
(bsc#1043353)
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
attackers to cause a denial of service (memory leak) via a crafted file
(bsc#1043354)
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
remote attackers to cause a denial of service (NULL pointer dereference)
via a crafted file (bsc#1051442)
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052708)
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052717)
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
in coders/png.c (bsc#1052777)
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
large MNG images, leading to an invalid memory read in the
SetImageColorCallBack function in magick/image.c (bsc#1054600)
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
in coders/png.c when a small MNG file has a MEND chunk with a large
length value (bsc#1055374)
- CVE-2017-13142: Added additional checks for short files to prevent a
crafted PNG file from triggering a crash (bsc#1055455)
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
coders/png.c did not properly manage image pointers after certain error
conditions, which allowed remote attackers to conduct use-after-free
attacks via a crafted file, related to a ReadMNGImage out-of-order
CloseBlob call (bsc#1057000)
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
(bsc#1062752)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-88=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2018-88=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
GraphicsMagick-1.3.25-60.1
GraphicsMagick-debuginfo-1.3.25-60.1
GraphicsMagick-debugsource-1.3.25-60.1
GraphicsMagick-devel-1.3.25-60.1
libGraphicsMagick++-Q16-12-1.3.25-60.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-60.1
libGraphicsMagick++-devel-1.3.25-60.1
libGraphicsMagick-Q16-3-1.3.25-60.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-60.1
libGraphicsMagick3-config-1.3.25-60.1
libGraphicsMagickWand-Q16-2-1.3.25-60.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-60.1
perl-GraphicsMagick-1.3.25-60.1
perl-GraphicsMagick-debuginfo-1.3.25-60.1
- openSUSE Leap 42.2 (i586 x86_64):
GraphicsMagick-1.3.25-11.63.1
GraphicsMagick-debuginfo-1.3.25-11.63.1
GraphicsMagick-debugsource-1.3.25-11.63.1
GraphicsMagick-devel-1.3.25-11.63.1
libGraphicsMagick++-Q16-12-1.3.25-11.63.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.63.1
libGraphicsMagick++-devel-1.3.25-11.63.1
libGraphicsMagick-Q16-3-1.3.25-11.63.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.63.1
libGraphicsMagick3-config-1.3.25-11.63.1
libGraphicsMagickWand-Q16-2-1.3.25-11.63.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.63.1
perl-GraphicsMagick-1.3.25-11.63.1
perl-GraphicsMagick-debuginfo-1.3.25-11.63.1
References:
https://www.suse.com/security/cve/CVE-2017-11750.html
https://www.suse.com/security/cve/CVE-2017-12641.html
https://www.suse.com/security/cve/CVE-2017-12673.html
https://www.suse.com/security/cve/CVE-2017-12676.html
https://www.suse.com/security/cve/CVE-2017-12935.html
https://www.suse.com/security/cve/CVE-2017-13142.html
https://www.suse.com/security/cve/CVE-2017-13147.html
https://www.suse.com/security/cve/CVE-2017-14103.html
https://www.suse.com/security/cve/CVE-2017-15218.html
https://www.suse.com/security/cve/CVE-2017-9261.html
https://www.suse.com/security/cve/CVE-2017-9262.html
https://bugzilla.suse.com/1043353
https://bugzilla.suse.com/1043354
https://bugzilla.suse.com/1051442
https://bugzilla.suse.com/1052708
https://bugzilla.suse.com/1052717
https://bugzilla.suse.com/1052777
https://bugzilla.suse.com/1054600
https://bugzilla.suse.com/1055374
https://bugzilla.suse.com/1055455
https://bugzilla.suse.com/1057000
https://bugzilla.suse.com/1062752
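The kind of length check relevant to an issue like CVE-2017-13147 (a MEND chunk declaring more data than the file holds), as an added example that is not GraphicsMagick's or SUSE's code: it walks an MNG chunk list and rejects any declared length larger than the bytes remaining, before anything is allocated. The function, enum and sample names are hypothetical, the sample streams are constructed, and chunk CRCs are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes for this added example (hypothetical names). */
enum mng_status { MNG_OK, MNG_BAD_SIGNATURE, MNG_TRUNCATED,
                  MNG_LENGTH_EXCEEDS_FILE, MNG_NO_MEND };

static const uint8_t MNG_SIG[8] = {0x8A, 'M', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};

/* Constructed samples: signature + one MEND chunk (CRC bytes zeroed, unchecked). */
static const uint8_t SAMPLE_OK[20] = {0x8A, 'M', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
    0, 0, 0, 0, 'M', 'E', 'N', 'D', 0, 0, 0, 0};
static const uint8_t SAMPLE_BIG[20] = {0x8A, 'M', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
    0x7F, 0xFF, 0xFF, 0xFF, 'M', 'E', 'N', 'D', 0, 0, 0, 0};

static uint32_t be32(const uint8_t *p)   /* chunk lengths are big-endian */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunks of an in-memory MNG stream. Each chunk is a 4-byte length,
 * a 4-byte type, the data and a 4-byte CRC. A declared length that cannot
 * fit in the remaining bytes is rejected instead of being used as a size. */
enum mng_status mng_check_chunks(const uint8_t *buf, size_t len)
{
    size_t off = sizeof MNG_SIG;

    if (len < sizeof MNG_SIG || memcmp(buf, MNG_SIG, sizeof MNG_SIG) != 0)
        return MNG_BAD_SIGNATURE;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < 12)                  /* length + type + CRC */
            return MNG_TRUNCATED;
        uint32_t chunk_len = be32(buf + off);
        /* Compare against what is left; never add to chunk_len (no overflow). */
        if (chunk_len > remaining - 12)
            return MNG_LENGTH_EXCEEDS_FILE;
        if (memcmp(buf + off + 4, "MEND", 4) == 0)
            return MNG_OK;                   /* MEND ends the stream */
        off += 12 + (size_t)chunk_len;
    }
    return MNG_NO_MEND;
}

int main(void)
{
    return mng_check_chunks(SAMPLE_BIG, sizeof SAMPLE_BIG) == MNG_LENGTH_EXCEEDS_FILE ? 0 : 1;
}
```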