openSUSE-SU-2016:3238-1

Опубликовано: 22 дек. 2016

Источник: suse-cvrf

Описание

Security update for GraphicsMagick

This security update for GraphicsMagick fixes the following issues:

a memory allocation failure was fixed (CVE-2016-8866, boo#1009318)
maliciously crafted jng files could crash the identify utility (CVE-2016-9830, boo#1013640)

Список пакетов

openSUSE Leap 42.1

GraphicsMagick-1.3.25-6.1

GraphicsMagick-devel-1.3.25-6.1

libGraphicsMagick++-Q16-11-1.3.21-23.1

libGraphicsMagick++-Q16-12-1.3.25-6.1

libGraphicsMagick++-devel-1.3.25-6.1

libGraphicsMagick-Q16-3-1.3.25-6.1

libGraphicsMagick3-config-1.3.25-6.1

libGraphicsMagickWand-Q16-2-1.3.25-6.1

perl-GraphicsMagick-1.3.25-6.1

openSUSE Leap 42.2

GraphicsMagick-1.3.25-6.1

GraphicsMagick-devel-1.3.25-6.1

libGraphicsMagick++-Q16-11-1.3.21-23.1

libGraphicsMagick++-Q16-12-1.3.25-6.1

libGraphicsMagick++-devel-1.3.25-6.1

libGraphicsMagick-Q16-3-1.3.25-6.1

libGraphicsMagick3-config-1.3.25-6.1

libGraphicsMagickWand-Q16-2-1.3.25-6.1

perl-GraphicsMagick-1.3.25-6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html
E-Mail link for openSUSE-SU-2016:3238-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

Затронутые продукты

openSUSE Leap 42.1:GraphicsMagick-1.3.25-6.1

openSUSE Leap 42.1:GraphicsMagick-devel-1.3.25-6.1

openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-23.1

openSUSE Leap 42.1:libGraphicsMagick++-Q16-12-1.3.25-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-8866.html
CVE-2016-8866
https://bugzilla.suse.com/1007245
SUSE Bug 1007245
https://bugzilla.suse.com/1009318
SUSE Bug 1009318
https://bugzilla.suse.com/1031267
SUSE Bug 1031267

Описание

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

Затронутые продукты

openSUSE Leap 42.1:GraphicsMagick-1.3.25-6.1

openSUSE Leap 42.1:GraphicsMagick-devel-1.3.25-6.1

openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-23.1

openSUSE Leap 42.1:libGraphicsMagick++-Q16-12-1.3.25-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9830.html
CVE-2016-9830
https://bugzilla.suse.com/1013640
SUSE Bug 1013640

openSUSE-SU-2016:3238-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-8866

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-9830

Описание

Затронутые продукты

Ссылки