Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in GraphicsMagick
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in GraphicsMagick
ID: openSUSE-SU-2018:1421-1
Distribution: SUSE
Plattformen: openSUSE Leap 15.0
Datum: Fr, 25. Mai 2018, 12:03
Referenzen: Keine Angabe
Applikationen: GraphicsMagick

Originalnachricht

 
   openSUSE Security Update: Recommended update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:1421-1
Rating:             moderate
References:         #1094352 
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:



   GraphicsMagick was updated to 1.3.29:

   * Security Fixes:

     - GraphicsMagick is now participating in Google's oss-fuzz project
     - JNG: Require that the embedded JPEG image have the same dimensions as
       the JNG image as provided by JHDR. Avoids a heap write overflow.
     - MNG: Arbitrarily limit the number of loops which may be requested by
       the MNG LOOP chunk to 512 loops, and provide the '-define
       mng:maximum-loops=value' option in case the user wants to change the
       limit.  This fixes a denial of service caused by large LOOP
       specifications.

   * Bug fixes:

     - DICOM: Pre/post rescale functions are temporarily disabled (until the
       implementation is fixed).
     - JPEG: Fix regression in last release in which reading some JPEG files
       produces the error "Improper call to JPEG library in state 201".
     - ICON: Some DIB-based Windows ICON files were reported as corrupt to an
       unexpectedly missing opacity mask image.
     - In-memory Blob I/O: Don't implicitly increase the allocation size
 due
       to seek offsets.
     - MNG: Detect and handle failure to allocate global PLTE. Fix divide by
       zero.
     - DrawGetStrokeDashArray(): Check for failure to allocate memory.
     - BlobToImage(): Now produces useful exception reports to cover the
       cases where 'magick' was not set and the file format could not
 be
       deduced from its header.

   * API Updates:

     - Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(),
       MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap()
       based on contributions by Troy Patteson.
     - New structure ImageExtra added and Image 'clip_mask' member is
       replaced by 'extra' which points to private ImageExtra
 allocation. The
       ImageGetClipMask() function now provides access to the clip mask image.
     - New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced
 by
       'extra' which points to private DrawInfoExtra allocation.  The
       DrawInfoGetClipPath() function now provides access to the clip path.
     - New core library functions: GetImageCompositeMask(),
       CompositeMaskImage(), CompositePathImage(), SetImageCompositeMask(),
       ImageGetClipMask(), ImageGetCompositeMask(), DrawInfoGetClipPath(),
       DrawInfoGetCompositePath()
     - Deprecated core library functions: RegisterStaticModules(),
       UnregisterStaticModules().

   * Feature improvements:
     - Static modules (in static library or shared library without
       dynamically loadable modules) are now lazy-loaded using the same
       external interface as the lazy-loader for dynamic modules.  This
       results in more similarity between the builds and reduces the fixed
       initialization overhead by only initializing the modules which are
       used.
     - SVG: The quality of SVG support has been significantly improved due to
       the efforts of Greg Wolfe.
     - FreeType/TTF rendering: Rendering fixes for opacity.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
 installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2018-518=1



Package List:

   - openSUSE Leap 15.0 (x86_64):

      GraphicsMagick-1.3.29-lp150.3.3.1
      GraphicsMagick-debuginfo-1.3.29-lp150.3.3.1
      GraphicsMagick-debugsource-1.3.29-lp150.3.3.1
      GraphicsMagick-devel-1.3.29-lp150.3.3.1
      libGraphicsMagick++-Q16-12-1.3.29-lp150.3.3.1
      libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.3.1
      libGraphicsMagick++-devel-1.3.29-lp150.3.3.1
      libGraphicsMagick-Q16-3-1.3.29-lp150.3.3.1
      libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.3.1
      libGraphicsMagick3-config-1.3.29-lp150.3.3.1
      libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.3.1
      libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.3.1
      perl-GraphicsMagick-1.3.29-lp150.3.3.1
      perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.3.1


References:

   https://bugzilla.suse.com/1094352

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung