
Security vulnerabilities in the GraphicsMagick software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2742-2
Rating: low
References: #1107604 #1107609
Cross-References: CVE-2018-16644 CVE-2018-16645
Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for GraphicsMagick fixes the following issues:

– CVE-2018-16644: Added missing check for length in the functions
ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause
a denial of service via a crafted image (bsc#1107609)
– CVE-2018-16645: Prevent excessive memory allocation issue in the
functions ReadBMPImage and ReadDIBImage, which allowed remote attackers
to cause a denial of service via a crafted image file (bsc#1107604)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-1020=1

Package List:

– openSUSE Backports SLE-15 (x86_64):

GraphicsMagick-1.3.29-bp150.2.6.1
GraphicsMagick-debuginfo-1.3.29-bp150.2.6.1
GraphicsMagick-debugsource-1.3.29-bp150.2.6.1
GraphicsMagick-devel-1.3.29-bp150.2.6.1
libGraphicsMagick++-Q16-12-1.3.29-bp150.2.6.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.29-bp150.2.6.1
libGraphicsMagick++-devel-1.3.29-bp150.2.6.1
libGraphicsMagick-Q16-3-1.3.29-bp150.2.6.1
libGraphicsMagick-Q16-3-debuginfo-1.3.29-bp150.2.6.1
libGraphicsMagick3-config-1.3.29-bp150.2.6.1
libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.6.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-bp150.2.6.1
perl-GraphicsMagick-1.3.29-bp150.2.6.1
perl-GraphicsMagick-debuginfo-1.3.29-bp150.2.6.1

References:

https://www.suse.com/security/cve/CVE-2018-16644.html
https://www.suse.com/security/cve/CVE-2018-16645.html
https://bugzilla.suse.com/1107604
https://bugzilla.suse.com/1107609


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

 

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2833-1
Rating: low
References: #1108282 #1108283
Cross-References: CVE-2018-16749 CVE-2018-16750
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for GraphicsMagick fixes the following security issue:

– CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function
(bsc#1108283).

An earlier update added a change that also fixed the following issue, which
was unknown at the time of release:

– CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed
an attacker to cause a denial of service (WriteBlob assertion failure
and application exit) via a crafted file (bsc#1108282).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1045=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-108.1
GraphicsMagick-debuginfo-1.3.25-108.1
GraphicsMagick-debugsource-1.3.25-108.1
GraphicsMagick-devel-1.3.25-108.1
libGraphicsMagick++-Q16-12-1.3.25-108.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-108.1
libGraphicsMagick++-devel-1.3.25-108.1
libGraphicsMagick-Q16-3-1.3.25-108.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-108.1
libGraphicsMagick3-config-1.3.25-108.1
libGraphicsMagickWand-Q16-2-1.3.25-108.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-108.1
perl-GraphicsMagick-1.3.25-108.1
perl-GraphicsMagick-debuginfo-1.3.25-108.1

References:

https://www.suse.com/security/cve/CVE-2018-16749.html
https://www.suse.com/security/cve/CVE-2018-16750.html
https://bugzilla.suse.com/1108282
https://bugzilla.suse.com/1108283
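
A post-update check for the two advisories above, added here as an example and not part of the openSUSE announcements: it flags GraphicsMagick-related packages older than the fixed builds from the package lists. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` only approximates RPM's own version ordering.

```shell
#!/bin/sh
# Added example: flag GraphicsMagick packages older than the fixed builds
# named in the two advisories above. Comparison uses GNU `sort -V`, which
# approximates (but is not identical to) RPM's own version ordering.

# Fixed version-release per product, taken from the package lists above.
FIXED_BACKPORTS_SLE15="1.3.29-bp150.2.6.1"
FIXED_LEAP_42_3="1.3.25-108.1"

# ver_lt A B: succeed if A sorts strictly before B (hypothetical helper).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched FIXED: read "name version-release" lines on stdin and print
# the names of GraphicsMagick-related packages older than FIXED.
unpatched() {
    fixed=$1
    while read -r name vr; do
        case $name in
            GraphicsMagick*|libGraphicsMagick*|perl-GraphicsMagick*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$fixed"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample inventory (not real host output).
sample_inventory() {
    cat <<'EOF'
GraphicsMagick 1.3.29-bp150.2.3.1
libGraphicsMagick-Q16-3 1.3.29-bp150.2.6.1
perl-GraphicsMagick 1.3.29-bp150.2.6.1
zypper 1.14.5-lp150.1.1
EOF
}

# Demo on the constructed inventory: lists packages still below the fix.
sample_inventory | unpatched "$FIXED_BACKPORTS_SLE15"

# On a live host, feed it real data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched "$FIXED_LEAP_42_3"
```

Pick the fixed version that matches the product actually installed; comparing a Leap 42.3 host against the Backports SLE-15 build (or the reverse) gives meaningless results.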



Author: Vlatka Misic
CERT ID: NCERT-REF-2018-09-0001-ADV
Source: Adobe