Sicherheit: Mehrere Probleme in GraphicsMagick

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-bfb9835edd
2018-01-31 18:03:07.862682
-------------------------------------------------------------------------------
-

Name : GraphicsMagick
Product : Fedora 26
Version : 1.3.28
Release : 1.fc26
URL : http://www.graphicsmagick.org/
Summary : An ImageMagick fork, offering faster image generation and better
quality
Description :
GraphicsMagick is a comprehensive image processing package which is initially
based on ImageMagick 5.5.2, but which has undergone significant re-work by
the GraphicsMagick Group to significantly improve the quality and performance
of the software.

-------------------------------------------------------------------------------
-
Update Information:

Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1536950 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop
and application hang in coders/bmp.c:ReadBMPImage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536950
[ 2 ] Bug #1529579 - CVE-2017-17912 GraphicsMagick: GraphicsMagick:
heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529579
[ 3 ] Bug #1529558 - CVE-2017-17913 GraphicsMagick: stack-based buffer
over-read in WriteWEBPImage in coders/webp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529558
[ 4 ] Bug #1529536 - CVE-2017-17915 GraphicsMagick: Memory leak in the
function ReadMNGImage in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529536
[ 5 ] Bug #1528050 - CVE-2017-17783 GraphicsMagick: heap based buffer
over-read in ReadPALMImage in coders/palm.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528050
[ 6 ] Bug #1528038 - CVE-2017-17782 GraphicsMagick: heap-based buffer
over-read in ReadOneJNGImage function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528038
[ 7 ] Bug #1515317 - CVE-2017-16353 GraphicsMagick: ImageMagick,
GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1515317
[ 8 ] Bug #1512039 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in
AcquireCacheNexus function in magick/pixel_cache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512039
[ 9 ] Bug #1484484 - CVE-2017-13147 GraphicsMagick: Allocation failure in
ReadMNGImage function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484484
[ 10 ] Bug #1475499 - CVE-2017-11643 GraphicsMagick: Heap based over-write in
WriteCMYKImagefunction in coders/cmyk.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475499
[ 11 ] Bug #1475491 - CVE-2017-11641 GraphicsMagick: Memory Leak in the
PersistCache in magick/pixel_cache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475491
[ 12 ] Bug #1475457 - CVE-2017-11636 GraphicsMagick: Heap based buffer
over-write in WriteRGBImage in coders/rgb.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475457
[ 13 ] Bug #1475453 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference
in WritePCLImage() in coders/pcl.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475453
[ 14 ] Bug #1473751 - CVE-2017-11140 GraphicsMagick: Resource exhaustion
denial of service in ReadJPEGImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473751
[ 15 ] Bug #1473745 - CVE-2017-11139 GraphicsMagick: double free
vulnerabilities in the ReadOneJNGImage() function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473745
[ 16 ] Bug #1473730 - CVE-2017-11102 GraphicsMagick: Input validation failure
in ReadOneJNGImage function may cause denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473730
[ 17 ] Bug #1536770 - GraphicsMagick-1.3.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1536770
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade GraphicsMagick' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org