openSUSE-SU-2018:0328-1

Published: 31 Jan 2018
Source: suse-cvrf

Description

Security update for GraphicsMagick

This update for GraphicsMagick fixes several issues.

These security issues were fixed:

  • CVE-2017-13065: Prevent NULL pointer dereference in the function SVGStartElement (bsc#1055038)
  • CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939)
  • CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021).
  • CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051).

Package list

openSUSE Leap 42.3
GraphicsMagick-1.3.25-63.1
GraphicsMagick-devel-1.3.25-63.1
libGraphicsMagick++-Q16-12-1.3.25-63.1
libGraphicsMagick++-devel-1.3.25-63.1
libGraphicsMagick-Q16-3-1.3.25-63.1
libGraphicsMagick3-config-1.3.25-63.1
libGraphicsMagickWand-Q16-2-1.3.25-63.1
perl-GraphicsMagick-1.3.25-63.1

Description

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-63.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-63.1

Description

GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-63.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-63.1

Description

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-63.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-63.1

Description

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-63.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-63.1

Description

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.


Affected products
openSUSE Leap 42.3:GraphicsMagick-1.3.25-63.1
openSUSE Leap 42.3:GraphicsMagick-devel-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-Q16-12-1.3.25-63.1
openSUSE Leap 42.3:libGraphicsMagick++-devel-1.3.25-63.1
