Security update for GraphicsMagick
Announcement ID: | SUSE-SU-2017:2229-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves six vulnerabilities can now be installed.
Description:
This update for GraphicsMagick fixes the following issues:
Security issues fixed:
- CVE-2017-8350: The PNG/JNG decoder recieved an incremental fix, fixing some related issues in the same code. (bsc#1036985)
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: The ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072)
- CVE-2017-11643: A heap overflow in WriteCMYKImage()function in coders/cmyk.c was fixed (bsc#1050611)
- CVE-2017-11636: A heap overflow in WriteRGBImage() in coders/rgb.c was fixed (bsc#1050674)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Development Kit 11 SP4
zypper in -t patch sdksp4-GraphicsMagick-13236=1
-
SUSE Studio Onsite 1.3
zypper in -t patch slestso13-GraphicsMagick-13236=1
Package List:
-
SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- GraphicsMagick-1.2.5-4.78.9.1
- libGraphicsMagick2-1.2.5-4.78.9.1
- perl-GraphicsMagick-1.2.5-4.78.9.1
-
SUSE Studio Onsite 1.3 (x86_64)
- GraphicsMagick-1.2.5-4.78.9.1
- libGraphicsMagick2-1.2.5-4.78.9.1
References:
- https://www.suse.com/security/cve/CVE-2017-11403.html
- https://www.suse.com/security/cve/CVE-2017-11636.html
- https://www.suse.com/security/cve/CVE-2017-11643.html
- https://www.suse.com/security/cve/CVE-2017-8350.html
- https://www.suse.com/security/cve/CVE-2017-9439.html
- https://www.suse.com/security/cve/CVE-2017-9501.html
- https://bugzilla.suse.com/show_bug.cgi?id=1036985
- https://bugzilla.suse.com/show_bug.cgi?id=1042826
- https://bugzilla.suse.com/show_bug.cgi?id=1043289
- https://bugzilla.suse.com/show_bug.cgi?id=1049072
- https://bugzilla.suse.com/show_bug.cgi?id=1050611
- https://bugzilla.suse.com/show_bug.cgi?id=1050674