SUSE-SU-2018:0413-1: moderate: Security update for GraphicsMagick
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Feb 9 13:08:36 MST 2018
SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0413-1
Rating: moderate
References: #1043353 #1043354 #1047908 #1047910 #1050037
#1050072 #1050100 #1051442 #1052470 #1052708
#1052717 #1052768 #1052777 #1052781 #1054600
#1055038 #1055374 #1055455 #1055456 #1057000
#1060162 #1062752 #1067198 #1073690 #1074023
#1074120 #1074125 #1074175 #1075939
Cross-References: CVE-2014-9811 CVE-2017-10995 CVE-2017-11102
CVE-2017-11505 CVE-2017-11526 CVE-2017-11539
CVE-2017-11750 CVE-2017-12565 CVE-2017-12640
CVE-2017-12641 CVE-2017-12643 CVE-2017-12673
CVE-2017-12676 CVE-2017-12935 CVE-2017-13065
CVE-2017-13141 CVE-2017-13142 CVE-2017-13147
CVE-2017-14103 CVE-2017-14174 CVE-2017-14649
CVE-2017-15218 CVE-2017-15238 CVE-2017-16669
CVE-2017-17501 CVE-2017-17504 CVE-2017-17782
CVE-2017-17879 CVE-2017-17884 CVE-2017-17915
CVE-2017-8352 CVE-2017-9261 CVE-2017-9262
CVE-2018-5685
Affected Products:
SUSE Studio Onsite 1.3
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
This update for GraphicsMagick fixes several issues.
These security issues were fixed:
- CVE-2017-13065: Prevent NULL pointer dereference in the function
SVGStartElement (bsc#1055038).
- CVE-2018-5685: Prevent infinite loop and application hang in the
ReadBMPImage function. Remote attackers could leverage this
vulnerability to cause a denial
of service via an image file with a crafted bit-field mask value
(bsc#1075939).
- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
attackers to cause a denial of service (memory leak) via a crafted file
(bsc#1043353)
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
attackers to cause a denial of service (memory leak) via a crafted file
(bsc#1043354)
- CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted MNG image (bsc#1047908)
- CVE-2017-11102: The ReadOneJNGImage function allowed remote attackers to
cause a denial of service (application crash) during JNG reading via a
zero-length color_image data structure (bsc#1047910).
- CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in
coders/png.c (bsc#1050037)
- CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed
remote attackers to cause a denial of service (large loop and CPU
consumption) via a crafted file (bsc#1050072)
- CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed
remote attackers to cause a denial of service (large loop and CPU
consumption) via a crafted file (bsc#1050100)
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
remote attackers to cause a denial of service (NULL pointer dereference)
via a crafted file (bsc#1051442)
- CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052470)
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052708)
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
coders/png.c, which allowed attackers to cause a denial of service
(bsc#1052717)
- CVE-2017-12643: Prevent a memory exhaustion vulnerability in
ReadOneJNGImage in coders\png.c (bsc#1052768)
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
in coders\png.c (bsc#1052777)
- CVE-2017-12640: Prevent an out-of-bounds read vulnerability in
ReadOneMNGImage in coders/png.c (bsc#1052781)
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
large MNG images, leading to an invalid memory read in the
SetImageColorCallBack function in magick/image.c (bsc#1054600)
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
in coders/png.c when a small MNG file has a MEND chunk with a large
length value (bsc#1055374)
- CVE-2017-13142: Added additional checks for short files to prevent a
crafted PNG file from triggering a crash (bsc#1055455)
- CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c
(bsc#1055456)
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
coders/png.c did not properly manage image pointers after certain error
conditions, which allowed remote attackers to conduct use-after-free
attacks via a crafted file, related to a ReadMNGImage out-of-order
CloseBlob call (bsc#1057000)
- CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly
validate JNG data, leading to a denial of service (assertion failure in
magick/pixel_cache.c, and application crash) (bsc#1060162)
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
(bsc#1062752)
- CVE-2017-15238: ReadOneJNGImage had a use-after-free issue when the
height or width is zero, related to ReadJNGImage (bsc#1067198).
- CVE-2017-17782: Prevent heap-based buffer over-read in ReadOneJNGImage
related to oFFs chunk allocation (bsc#1073690).
- CVE-2017-17501: WriteOnePNGImage had a heap-based buffer over-read that
could be triggered via a crafted file (bsc#1074023).
- CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in
coders/png.c, which allowed attackers to cause a denial of service via a
crafted PNG image file (bsc#1074120)
- CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an
off-by-one error (bsc#1074125)
- CVE-2017-17915: Prevent heap-based buffer over-read in ReadMNGImage when
accessing one byte testing whether a limit has been reached
(bsc#1074175).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Studio Onsite 1.3:
zypper in -t patch slestso13-GraphicsMagick-13461=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-GraphicsMagick-13461=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-GraphicsMagick-13461=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Studio Onsite 1.3 (x86_64):
GraphicsMagick-1.2.5-4.78.33.1
libGraphicsMagick2-1.2.5-4.78.33.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
GraphicsMagick-1.2.5-4.78.33.1
libGraphicsMagick2-1.2.5-4.78.33.1
perl-GraphicsMagick-1.2.5-4.78.33.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
GraphicsMagick-debuginfo-1.2.5-4.78.33.1
GraphicsMagick-debugsource-1.2.5-4.78.33.1
References:
https://www.suse.com/security/cve/CVE-2014-9811.html
https://www.suse.com/security/cve/CVE-2017-10995.html
https://www.suse.com/security/cve/CVE-2017-11102.html
https://www.suse.com/security/cve/CVE-2017-11505.html
https://www.suse.com/security/cve/CVE-2017-11526.html
https://www.suse.com/security/cve/CVE-2017-11539.html
https://www.suse.com/security/cve/CVE-2017-11750.html
https://www.suse.com/security/cve/CVE-2017-12565.html
https://www.suse.com/security/cve/CVE-2017-12640.html
https://www.suse.com/security/cve/CVE-2017-12641.html
https://www.suse.com/security/cve/CVE-2017-12643.html
https://www.suse.com/security/cve/CVE-2017-12673.html
https://www.suse.com/security/cve/CVE-2017-12676.html
https://www.suse.com/security/cve/CVE-2017-12935.html
https://www.suse.com/security/cve/CVE-2017-13065.html
https://www.suse.com/security/cve/CVE-2017-13141.html
https://www.suse.com/security/cve/CVE-2017-13142.html
https://www.suse.com/security/cve/CVE-2017-13147.html
https://www.suse.com/security/cve/CVE-2017-14103.html
https://www.suse.com/security/cve/CVE-2017-14174.html
https://www.suse.com/security/cve/CVE-2017-14649.html
https://www.suse.com/security/cve/CVE-2017-15218.html
https://www.suse.com/security/cve/CVE-2017-15238.html
https://www.suse.com/security/cve/CVE-2017-16669.html
https://www.suse.com/security/cve/CVE-2017-17501.html
https://www.suse.com/security/cve/CVE-2017-17504.html
https://www.suse.com/security/cve/CVE-2017-17782.html
https://www.suse.com/security/cve/CVE-2017-17879.html
https://www.suse.com/security/cve/CVE-2017-17884.html
https://www.suse.com/security/cve/CVE-2017-17915.html
https://www.suse.com/security/cve/CVE-2017-8352.html
https://www.suse.com/security/cve/CVE-2017-9261.html
https://www.suse.com/security/cve/CVE-2017-9262.html
https://www.suse.com/security/cve/CVE-2018-5685.html
https://bugzilla.suse.com/1043353
https://bugzilla.suse.com/1043354
https://bugzilla.suse.com/1047908
https://bugzilla.suse.com/1047910
https://bugzilla.suse.com/1050037
https://bugzilla.suse.com/1050072
https://bugzilla.suse.com/1050100
https://bugzilla.suse.com/1051442
https://bugzilla.suse.com/1052470
https://bugzilla.suse.com/1052708
https://bugzilla.suse.com/1052717
https://bugzilla.suse.com/1052768
https://bugzilla.suse.com/1052777
https://bugzilla.suse.com/1052781
https://bugzilla.suse.com/1054600
https://bugzilla.suse.com/1055038
https://bugzilla.suse.com/1055374
https://bugzilla.suse.com/1055455
https://bugzilla.suse.com/1055456
https://bugzilla.suse.com/1057000
https://bugzilla.suse.com/1060162
https://bugzilla.suse.com/1062752
https://bugzilla.suse.com/1067198
https://bugzilla.suse.com/1073690
https://bugzilla.suse.com/1074023
https://bugzilla.suse.com/1074120
https://bugzilla.suse.com/1074125
https://bugzilla.suse.com/1074175
https://bugzilla.suse.com/1075939
More information about the sle-security-updates
mailing list