Mehrere Probleme in vips
ID: | FEDORA-2017-8f27031c8f |
Distribution: | Fedora |
Plattformen: | Fedora 26 |
Datum: | Mi, 20. September 2017, 07:55 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7514 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11751 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12428 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8959 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5010 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7942 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12430 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11450 https://bugzilla.redhat.com/show_bug.cgi?id=1479313 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7941 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7943 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12432 https://bugzilla.redhat.com/show_bug.cgi?id=1410515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12666 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7515 https://bugzilla.redhat.com/show_bug.cgi?id=1299275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8958 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12641 |
Applikationen: | VIPS |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-8f27031c8f 2017-09-19 02:41:35.415951 -------------------------------------------------------------------------------- Name : vips Product : Fedora 26 Version : 8.5.8 Release : 2.fc26 URL : https://jcupitt.github.io/libvips/ Summary : C/C++ library for processing large images Description : VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color. This package should be installed if you want to use a program compiled against VIPS. -------------------------------------------------------------------------------- Update Information: Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagi ck/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1471837 - CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471837 [ 2 ] Bug #1471122 - CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471122 [ 3 ] Bug #1470670 - CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1470670 [ 4 ] Bug #1465064 - CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1465064 [ 5 ] Bug #1455602 - CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1455602 [ 6 ] Bug #1453125 - CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1453125 [ 7 ] Bug #1413898 - CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1413898 [ 8 ] Bug #1408404 - CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1408404 [ 9 ] Bug #1483575 - CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1483575 [ 10 ] Bug #1299275 - ImageMagick-7.0.6-9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1299275 [ 11 ] Bug #1483132 - CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1483132 [ 12 ] Bug #1483117 - CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1483117 [ 13 ] Bug #1482655 - CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1482655 [ 14 ] Bug #1482626 - CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1482626 [ 15 ] Bug #1350462 - CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1350462 [ 16 ] Bug #1361494 - CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1361494 [ 17 ] Bug #1378790 - CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1378790 [ 18 ] Bug #1361578 - CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1361578 [ 19 ] Bug #1477566 - CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477566 [ 20 ] Bug #1477070 - CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477070 [ 21 ] Bug #1475486 - CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475486 [ 22 ] Bug #1475471 - CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475471 [ 23 ] Bug #1475464 - CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475464 [ 24 ] Bug #1474846 - CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1474846 [ 25 ] Bug #1474420 - CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1474420 [ 26 ] Bug #1473848 - CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473848 [ 27 ] Bug #1473825 - CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473825 [ 28 ] Bug #1473802 - CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473802 [ 29 ] Bug #1473799 - CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473799 [ 30 ] Bug #1473797 - CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473797 [ 31 ] Bug #1473775 - CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473775 [ 32 ] Bug #1473758 - CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473758 [ 33 ] Bug #1473719 - CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473719 [ 34 ] Bug #1410515 - ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1410515 [ 35 ] Bug #1479313 - synfigstudio doesn't start https://bugzilla.redhat.com/show_bug.cgi?id=1479313 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade vips' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |