openSUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1272-1 Rating: moderate References: #1132053 #1132054 #1132055 #1132058 #1132060 #1132061 Cross-References: CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DOS or an unspecified impact (boo#1132058) - CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or information disclosure (boo#1132061) - CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that which allowed attackers to cause DOS via a crafted image file (boo#1132055) - CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c that which allowed attackers to cause a denial of service or information disclosure (boo#1132060) - CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c that which allowed remote attackers to cause DOS or other unspecified impact (boo#1132054) - CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS or information disclosure (boo#1132053) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-1272=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1272=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): GraphicsMagick-1.3.25-132.1 GraphicsMagick-debuginfo-1.3.25-132.1 GraphicsMagick-debugsource-1.3.25-132.1 GraphicsMagick-devel-1.3.25-132.1 libGraphicsMagick++-Q16-12-1.3.25-132.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.25-132.1 libGraphicsMagick++-devel-1.3.25-132.1 libGraphicsMagick-Q16-3-1.3.25-132.1 libGraphicsMagick-Q16-3-debuginfo-1.3.25-132.1 libGraphicsMagick3-config-1.3.25-132.1 libGraphicsMagickWand-Q16-2-1.3.25-132.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-132.1 perl-GraphicsMagick-1.3.25-132.1 perl-GraphicsMagick-debuginfo-1.3.25-132.1 - openSUSE Leap 15.0 (x86_64): GraphicsMagick-1.3.29-lp150.3.25.1 GraphicsMagick-debuginfo-1.3.29-lp150.3.25.1 GraphicsMagick-debugsource-1.3.29-lp150.3.25.1 GraphicsMagick-devel-1.3.29-lp150.3.25.1 libGraphicsMagick++-Q16-12-1.3.29-lp150.3.25.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.25.1 libGraphicsMagick++-devel-1.3.29-lp150.3.25.1 libGraphicsMagick-Q16-3-1.3.29-lp150.3.25.1 libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.25.1 libGraphicsMagick3-config-1.3.29-lp150.3.25.1 libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.25.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.25.1 perl-GraphicsMagick-1.3.29-lp150.3.25.1 perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.25.1 References: https://www.suse.com/security/cve/CVE-2019-11005.html https://www.suse.com/security/cve/CVE-2019-11006.html https://www.suse.com/security/cve/CVE-2019-11007.html https://www.suse.com/security/cve/CVE-2019-11008.html https://www.suse.com/security/cve/CVE-2019-11009.html https://www.suse.com/security/cve/CVE-2019-11010.html https://bugzilla.suse.com/1132053 https://bugzilla.suse.com/1132054 https://bugzilla.suse.com/1132055 https://bugzilla.suse.com/1132058 https://bugzilla.suse.com/1132060 https://bugzilla.suse.com/1132061