SUSE-SU-2018:0413-1: moderate: Security update for GraphicsMagick

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Feb 9 13:08:36 MST 2018


   SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0413-1
Rating:             moderate
References:         #1043353 #1043354 #1047908 #1047910 #1050037 
                    #1050072 #1050100 #1051442 #1052470 #1052708 
                    #1052717 #1052768 #1052777 #1052781 #1054600 
                    #1055038 #1055374 #1055455 #1055456 #1057000 
                    #1060162 #1062752 #1067198 #1073690 #1074023 
                    #1074120 #1074125 #1074175 #1075939 
Cross-References:   CVE-2014-9811 CVE-2017-10995 CVE-2017-11102
                    CVE-2017-11505 CVE-2017-11526 CVE-2017-11539
                    CVE-2017-11750 CVE-2017-12565 CVE-2017-12640
                    CVE-2017-12641 CVE-2017-12643 CVE-2017-12673
                    CVE-2017-12676 CVE-2017-12935 CVE-2017-13065
                    CVE-2017-13141 CVE-2017-13142 CVE-2017-13147
                    CVE-2017-14103 CVE-2017-14174 CVE-2017-14649
                    CVE-2017-15218 CVE-2017-15238 CVE-2017-16669
                    CVE-2017-17501 CVE-2017-17504 CVE-2017-17782
                    CVE-2017-17879 CVE-2017-17884 CVE-2017-17915
                    CVE-2017-8352 CVE-2017-9261 CVE-2017-9262
                    CVE-2018-5685
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 34 vulnerabilities is now available.

Description:

   This update for GraphicsMagick fixes several issues.

   These security issues were fixed:

   - CVE-2017-13065: Prevent NULL pointer dereference in the function
     SVGStartElement (bsc#1055038).
   - CVE-2018-5685: Prevent infinite loop and application hang in the
     ReadBMPImage function. Remote attackers could leverage this
     vulnerability to cause a denial
     of service via an image file with a crafted bit-field mask value
      (bsc#1075939).
   - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
     attackers to cause a denial of service (memory leak) via a crafted file
     (bsc#1043353)
   - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
     attackers to cause a denial of service (memory leak) via a crafted file
     (bsc#1043354)
   - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote
     attackers to cause a denial of service (heap-based buffer over-read and
     application crash) via a crafted MNG image (bsc#1047908)
   - CVE-2017-11102: The ReadOneJNGImage function allowed remote attackers to
     cause a denial of service (application crash) during JNG reading via a
     zero-length color_image data structure (bsc#1047910).
   - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in
     coders/png.c (bsc#1050037)
   - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed
     remote attackers to cause a denial of service (large loop and CPU
     consumption) via a crafted file (bsc#1050072)
   - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed
     remote attackers to cause a denial of service (large loop and CPU
     consumption) via a crafted file (bsc#1050100)
   - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
     remote attackers to cause a denial of service (NULL pointer dereference)
     via a crafted file (bsc#1051442)
   - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in
     coders/png.c, which allowed attackers to cause a denial of service
     (bsc#1052470)
   - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
     coders/png.c, which allowed attackers to cause a denial of service
     (bsc#1052708)
   - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
     coders/png.c, which allowed attackers to cause a denial of service
     (bsc#1052717)
   - CVE-2017-12643: Prevent a memory exhaustion vulnerability in
     ReadOneJNGImage in coders\png.c (bsc#1052768)
   - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
     in coders\png.c (bsc#1052777)
   - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in
     ReadOneMNGImage in coders/png.c (bsc#1052781)
   - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
     large MNG images, leading to an invalid memory read in the
     SetImageColorCallBack function in magick/image.c (bsc#1054600)
   - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
     in coders/png.c when a small MNG file has a MEND chunk with a large
     length value (bsc#1055374)
   - CVE-2017-13142: Added additional checks for short files to prevent a
     crafted PNG file from triggering a crash (bsc#1055455)
   - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c
     (bsc#1055456)
   - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
     coders/png.c did not properly manage image pointers after certain error
     conditions, which allowed remote attackers to conduct use-after-free
     attacks via a crafted file, related to a ReadMNGImage out-of-order
     CloseBlob call (bsc#1057000)
   - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly
     validate JNG data, leading to a denial of service (assertion failure in
     magick/pixel_cache.c, and application crash) (bsc#1060162)
   - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
     (bsc#1062752)
   - CVE-2017-15238: ReadOneJNGImage had a use-after-free issue when the
     height or width is zero, related to ReadJNGImage (bsc#1067198).
   - CVE-2017-17782: Prevent heap-based buffer over-read in ReadOneJNGImage
     related to oFFs chunk allocation (bsc#1073690).
   - CVE-2017-17501: WriteOnePNGImage had a heap-based buffer over-read that
     could be triggered via a crafted file (bsc#1074023).
   - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in
     coders/png.c, which allowed attackers to cause a denial of service via a
     crafted PNG image file (bsc#1074120)
   - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage
     in coders/png.c, related to length calculation and caused by an
     off-by-one error (bsc#1074125)
   - CVE-2017-17915: Prevent heap-based buffer over-read in ReadMNGImage when
     accessing one byte testing whether a limit has been reached
     (bsc#1074175).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-GraphicsMagick-13461=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-GraphicsMagick-13461=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-GraphicsMagick-13461=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      GraphicsMagick-1.2.5-4.78.33.1
      libGraphicsMagick2-1.2.5-4.78.33.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-1.2.5-4.78.33.1
      libGraphicsMagick2-1.2.5-4.78.33.1
      perl-GraphicsMagick-1.2.5-4.78.33.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-debuginfo-1.2.5-4.78.33.1
      GraphicsMagick-debugsource-1.2.5-4.78.33.1


References:

   https://www.suse.com/security/cve/CVE-2014-9811.html
   https://www.suse.com/security/cve/CVE-2017-10995.html
   https://www.suse.com/security/cve/CVE-2017-11102.html
   https://www.suse.com/security/cve/CVE-2017-11505.html
   https://www.suse.com/security/cve/CVE-2017-11526.html
   https://www.suse.com/security/cve/CVE-2017-11539.html
   https://www.suse.com/security/cve/CVE-2017-11750.html
   https://www.suse.com/security/cve/CVE-2017-12565.html
   https://www.suse.com/security/cve/CVE-2017-12640.html
   https://www.suse.com/security/cve/CVE-2017-12641.html
   https://www.suse.com/security/cve/CVE-2017-12643.html
   https://www.suse.com/security/cve/CVE-2017-12673.html
   https://www.suse.com/security/cve/CVE-2017-12676.html
   https://www.suse.com/security/cve/CVE-2017-12935.html
   https://www.suse.com/security/cve/CVE-2017-13065.html
   https://www.suse.com/security/cve/CVE-2017-13141.html
   https://www.suse.com/security/cve/CVE-2017-13142.html
   https://www.suse.com/security/cve/CVE-2017-13147.html
   https://www.suse.com/security/cve/CVE-2017-14103.html
   https://www.suse.com/security/cve/CVE-2017-14174.html
   https://www.suse.com/security/cve/CVE-2017-14649.html
   https://www.suse.com/security/cve/CVE-2017-15218.html
   https://www.suse.com/security/cve/CVE-2017-15238.html
   https://www.suse.com/security/cve/CVE-2017-16669.html
   https://www.suse.com/security/cve/CVE-2017-17501.html
   https://www.suse.com/security/cve/CVE-2017-17504.html
   https://www.suse.com/security/cve/CVE-2017-17782.html
   https://www.suse.com/security/cve/CVE-2017-17879.html
   https://www.suse.com/security/cve/CVE-2017-17884.html
   https://www.suse.com/security/cve/CVE-2017-17915.html
   https://www.suse.com/security/cve/CVE-2017-8352.html
   https://www.suse.com/security/cve/CVE-2017-9261.html
   https://www.suse.com/security/cve/CVE-2017-9262.html
   https://www.suse.com/security/cve/CVE-2018-5685.html
   https://bugzilla.suse.com/1043353
   https://bugzilla.suse.com/1043354
   https://bugzilla.suse.com/1047908
   https://bugzilla.suse.com/1047910
   https://bugzilla.suse.com/1050037
   https://bugzilla.suse.com/1050072
   https://bugzilla.suse.com/1050100
   https://bugzilla.suse.com/1051442
   https://bugzilla.suse.com/1052470
   https://bugzilla.suse.com/1052708
   https://bugzilla.suse.com/1052717
   https://bugzilla.suse.com/1052768
   https://bugzilla.suse.com/1052777
   https://bugzilla.suse.com/1052781
   https://bugzilla.suse.com/1054600
   https://bugzilla.suse.com/1055038
   https://bugzilla.suse.com/1055374
   https://bugzilla.suse.com/1055455
   https://bugzilla.suse.com/1055456
   https://bugzilla.suse.com/1057000
   https://bugzilla.suse.com/1060162
   https://bugzilla.suse.com/1062752
   https://bugzilla.suse.com/1067198
   https://bugzilla.suse.com/1073690
   https://bugzilla.suse.com/1074023
   https://bugzilla.suse.com/1074120
   https://bugzilla.suse.com/1074125
   https://bugzilla.suse.com/1074175
   https://bugzilla.suse.com/1075939



More information about the sle-updates mailing list