Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

openSUSE: 2018:2833-1 Vulnerability: GraphicsMagick Memory Leak Issue

opensuse
Calendar Grey September 24, 2018
Dist Opensuse Esm H88
The latest update addresses two critical vulnerabilities in GraphicsMagick - one involving a memory leak and the other pertaining to denial of service that affects openSUSE systems.
An update that fixes two vulnerabilities is now available.

Description

This update for GraphicsMagick fixes the following security issue:

- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function

(bsc#1108283).

An earlier update added a change that also fixed this issues that was

unknown at the time of release:

- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed

an attacker to cause a denial of service (WriteBlob assertion failure

and application exit) via a crafted file (bsc#1108282).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1045=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-108.1

GraphicsMagick-debuginfo-1.3.25-108.1

GraphicsMagick-debugsource-1.3.25-108.1

GraphicsMagick-devel-1.3.25-108.1

libGraphicsMagick++-Q16-12-1.3.25-108.1

libGraphicsMagick++-Q16-12-debuginfo-1.3.25-108.1

libGraphicsMagick++-devel-1.3.25-108.1

libGraphicsMagick-Q16-3-1.3.25-108.1

libGraphicsMagick-Q16-3-debuginfo-1.3.25-108.1

libGraphicsMagick3-config-1.3.25-108.1

libGraphicsMagickWand-Q16-2-1.3.25-108.1

libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-108.1

perl-GraphicsMagick-1.3.25-108.1

perl-GraphicsMagick-debuginfo-1.3.25-108.1

References

https://www.suse.com/security/cve/CVE-2018-16749.html

https://www.suse.com/security/cve/CVE-2018-16750.html

https://bugzilla.suse.com/show_bug.cgi?id=1108282

https://bugzilla.suse.com/show_bug.cgi?id=1108283

--

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:2833-1
Rating: low
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.