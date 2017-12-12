openSUSE Security Update: Security update for GraphicsMagick

Announcement ID: openSUSE-SU-2017:3270-1

Rating: important

References: #1047054 #1051847 #1052758 #1052764 #1060577

#1061587

Cross-References: CVE-2017-10799 CVE-2017-12140 CVE-2017-12644

CVE-2017-12662 CVE-2017-14733 CVE-2017-14994



Affected Products:

openSUSE Leap 42.3

openSUSE Leap 42.2

An update that fixes 6 vulnerabilities is now available.



Description:



This update for GraphicsMagick fixes the following issues:



* CVE-2017-12140: ReadDCMImage in coders\dcm.c has a ninteger

signedness error leading to excessive memory consumption

(bnc#1051847)

* CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could

lead to denial of service (bnc#1061587)

* CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could

lead to denial of service (bnc#1052758)

* CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could

lead to denial of service (bnc#1060577)

* CVE-2017-12644: Memory leak in ReadDCMImage in coders\dcm.c could

lead to denial of service (bnc#1052764)

* CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()

(bnc#1047054)





Patch Instructions:



To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:



- openSUSE Leap 42.3:



zypper in -t patch openSUSE-2017-1362=1



- openSUSE Leap 42.2:



zypper in -t patch openSUSE-2017-1362=1



To bring your system up-to-date, use "zypper patch".





Package List:



- openSUSE Leap 42.3 (i586 x86_64):



GraphicsMagick-1.3.25-47.1

GraphicsMagick-debuginfo-1.3.25-47.1

GraphicsMagick-debugsource-1.3.25-47.1

GraphicsMagick-devel-1.3.25-47.1

libGraphicsMagick++-Q16-12-1.3.25-47.1

libGraphicsMagick++-Q16-12-debuginfo-1.3.25-47.1

libGraphicsMagick++-devel-1.3.25-47.1

libGraphicsMagick-Q16-3-1.3.25-47.1

libGraphicsMagick-Q16-3-debuginfo-1.3.25-47.1

libGraphicsMagick3-config-1.3.25-47.1

libGraphicsMagickWand-Q16-2-1.3.25-47.1

libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-47.1

perl-GraphicsMagick-1.3.25-47.1

perl-GraphicsMagick-debuginfo-1.3.25-47.1



- openSUSE Leap 42.2 (i586 x86_64):



GraphicsMagick-1.3.25-11.48.1

GraphicsMagick-debuginfo-1.3.25-11.48.1

GraphicsMagick-debugsource-1.3.25-11.48.1

GraphicsMagick-devel-1.3.25-11.48.1

libGraphicsMagick++-Q16-12-1.3.25-11.48.1

libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.48.1

libGraphicsMagick++-devel-1.3.25-11.48.1

libGraphicsMagick-Q16-3-1.3.25-11.48.1

libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.48.1

libGraphicsMagick3-config-1.3.25-11.48.1

libGraphicsMagickWand-Q16-2-1.3.25-11.48.1

libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.48.1

perl-GraphicsMagick-1.3.25-11.48.1

perl-GraphicsMagick-debuginfo-1.3.25-11.48.1





References:



