Security: Multiple issues in GraphicsMagick
Name: Multiple issues in GraphicsMagick
ID: SUSE-SU-2017:3435-1
Distribution: SUSE
Platforms: SUSE Studio Onsite 1.3, SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4
Date: Wed, 27 December 2017, 16:47
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11640

Original message

   SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3435-1
Rating: important
References: #1050632 #1052450 #1054757 #1055214 #1056426
#1056429 #1057508 #1058485 #1058637 #1066003
#1067181 #1067184 #1067409
Cross-References: CVE-2016-7996 CVE-2017-11640 CVE-2017-12587
CVE-2017-12983 CVE-2017-13134 CVE-2017-13776
CVE-2017-13777 CVE-2017-14165 CVE-2017-14341
CVE-2017-14342 CVE-2017-15930 CVE-2017-16545
CVE-2017-16546 CVE-2017-16669
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 14 vulnerabilities is now available.

Description:

This update for GraphicsMagick fixes the following issues:

* CVE-2017-11640: NULL pointer deref in WritePTIFImage() in
coders/tiff.c could lead to denial of service [bsc#1050632]
* CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c
could lead to denial of service [bsc#1058485]
* CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead
to denial of service [bsc#1058637]
* CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could
lead to denial of service [bsc#1067181]
* CVE-2017-16545: Validation problems in the ReadWPGImage function in
coders/wpg.c could lead to denial of service [bsc#1067184]
* CVE-2017-16669: coders/wpg.c allows remote attackers to cause a
denial of service via crafted file [bsc#1067409]
* CVE-2017-13776: denial of service issue in ReadXBMImage() in
coders/xbm.c [bsc#1056429]
* CVE-2017-13777: denial of service issue in ReadXBMImage() in
coders/xbm.c [bsc#1056426]
* CVE-2017-13134: heap-based buffer over-read in the function SFWScan in
coders/sfw.c could lead to denial of service via a crafted file
[bsc#1055214]
* CVE-2017-15930: Null Pointer dereference while transferring JPEG
scanlines could lead to denial of service [bsc#1066003]
* CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
function in coders/sfw.c allows remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact
via a crafted file. [bsc#1054757]
* CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue
where memory allocation is excessive because it depends only on a
length field in a header. This may lead to remote denial of service in
the MagickMalloc function in magick/memory.c. [bsc#1057508]
* CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function
in coders/pwp.c. [bsc#1052450]
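
The CVE-2017-14165 entry above describes an allocation sized only by a header length field. As an added illustration (not GraphicsMagick or SUSE code; the 8-byte header layout, the MAX_PAYLOAD cap, the sample bytes and the function name are hypothetical), the defensive pattern is to check the declared length against a policy cap and against the bytes actually present before allocating:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout: 4-byte magic, then 4-byte big-endian payload length. */
#define HDR_SIZE    8u
#define MAX_PAYLOAD (64u * 1024u * 1024u)   /* assumed policy cap */

/* Constructed samples: one honest header, one claiming ~4 GiB with 2 bytes present. */
static const unsigned char SAMPLE_OK[]   = { 'I','M','G','0', 0,0,0,4, 1,2,3,4 };
static const unsigned char SAMPLE_HUGE[] = { 'I','M','G','0', 0xFF,0xFF,0xFF,0xF0, 1,2 };

/* Copy the payload out of buf, or return NULL when the declared length
 * is zero, above the cap, or larger than the bytes that follow the header. */
unsigned char *read_payload(const unsigned char *buf, size_t buf_len, size_t *out_len)
{
    uint32_t declared;
    unsigned char *payload;

    if (buf == NULL || out_len == NULL || buf_len < HDR_SIZE)
        return NULL;
    declared = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
               ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];
    if (declared == 0 || declared > MAX_PAYLOAD)
        return NULL;                       /* refuse before touching malloc */
    if (declared > buf_len - HDR_SIZE)
        return NULL;                       /* header claims more than the input holds */
    payload = malloc(declared);
    if (payload == NULL)
        return NULL;
    memcpy(payload, buf + HDR_SIZE, declared);
    *out_len = declared;
    return payload;
}

int main(void)
{
    size_t n = 0;
    unsigned char *p = read_payload(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    printf("honest header: %s (%zu bytes)\n", p ? "accepted" : "rejected", n);
    free(p);
    p = read_payload(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &n);
    printf("oversized header: %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```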


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

zypper in -t patch slestso13-GraphicsMagick-13386=1

- SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-GraphicsMagick-13386=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-GraphicsMagick-13386=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Studio Onsite 1.3 (x86_64):

GraphicsMagick-1.2.5-4.78.19.1
libGraphicsMagick2-1.2.5-4.78.19.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64
s390x x86_64):

GraphicsMagick-1.2.5-4.78.19.1
libGraphicsMagick2-1.2.5-4.78.19.1
perl-GraphicsMagick-1.2.5-4.78.19.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

GraphicsMagick-debuginfo-1.2.5-4.78.19.1
GraphicsMagick-debugsource-1.2.5-4.78.19.1


References:

https://www.suse.com/security/cve/CVE-2016-7996.html
https://www.suse.com/security/cve/CVE-2017-11640.html
https://www.suse.com/security/cve/CVE-2017-12587.html
https://www.suse.com/security/cve/CVE-2017-12983.html
https://www.suse.com/security/cve/CVE-2017-13134.html
https://www.suse.com/security/cve/CVE-2017-13776.html
https://www.suse.com/security/cve/CVE-2017-13777.html
https://www.suse.com/security/cve/CVE-2017-14165.html
https://www.suse.com/security/cve/CVE-2017-14341.html
https://www.suse.com/security/cve/CVE-2017-14342.html
https://www.suse.com/security/cve/CVE-2017-15930.html
https://www.suse.com/security/cve/CVE-2017-16545.html
https://www.suse.com/security/cve/CVE-2017-16546.html
https://www.suse.com/security/cve/CVE-2017-16669.html
https://bugzilla.suse.com/1050632
https://bugzilla.suse.com/1052450
https://bugzilla.suse.com/1054757
https://bugzilla.suse.com/1055214
https://bugzilla.suse.com/1056426
https://bugzilla.suse.com/1056429
https://bugzilla.suse.com/1057508
https://bugzilla.suse.com/1058485
https://bugzilla.suse.com/1058637
https://bugzilla.suse.com/1066003
https://bugzilla.suse.com/1067181
https://bugzilla.suse.com/1067184
https://bugzilla.suse.com/1067409
