Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
- CVE-2016-5118: popen() shell vulnerability via special filenames (bnc#982178).
- CVE-2013-4589: The ExportAlphaQuantumType function in export.c in GraphicsMagick might have allowed remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image (bsc#851064).
- CVE-2015-8808: Out-of-bound read in the parsing of GIF files (bnc#965574).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-4.38.1
libGraphicsMagick2-1.2.5-4.38.1
perl-GraphicsMagick-1.2.5-4.38.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-4.38.1
libGraphicsMagick2-1.2.5-4.38.1
Ссылки
- Link for SUSE-SU-2016:1614-1
- E-Mail link for SUSE-SU-2016:1614-1
- SUSE Security Ratings
- SUSE Bug 851064
- SUSE Bug 965574
- SUSE Bug 982178
- SUSE CVE CVE-2013-4589 page
- SUSE CVE CVE-2015-8808 page
- SUSE CVE CVE-2016-5118 page
Описание
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.38.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.38.1
Ссылки
- CVE-2013-4589
- SUSE Bug 851064
Описание
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.38.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.38.1
Ссылки
- CVE-2015-8808
- SUSE Bug 965574
Описание
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.38.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.38.1
Ссылки
- CVE-2016-5118
- SUSE Bug 1000484
- SUSE Bug 982178