Description
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security vulnerabilities fixed:
- CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)
- CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790)
Package list
openSUSE Leap 15.0
GraphicsMagick-1.3.29-lp150.3.18.1
GraphicsMagick-devel-1.3.29-lp150.3.18.1
libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1
libGraphicsMagick++-devel-1.3.29-lp150.3.18.1
libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1
libGraphicsMagick3-config-1.3.29-lp150.3.18.1
libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1
perl-GraphicsMagick-1.3.29-lp150.3.18.1
References
- E-Mail link for openSUSE-SU-2019:1-1
- SUSE Security Ratings
- SUSE Bug 1119790
- SUSE Bug 1119822
- SUSE CVE CVE-2018-20184 page
- SUSE CVE CVE-2018-20189 page
Description
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
Affected products
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1
References
- CVE-2018-20184
- SUSE Bug 1119822
Description
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
Affected products
openSUSE Leap 15.0:GraphicsMagick-1.3.29-lp150.3.18.1
openSUSE Leap 15.0:GraphicsMagick-devel-1.3.29-lp150.3.18.1
openSUSE Leap 15.0:libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1
openSUSE Leap 15.0:libGraphicsMagick++-devel-1.3.29-lp150.3.18.1
References
- CVE-2018-20189
- SUSE Bug 1119790