openSUSE: 2019:1295-1: moderate: GraphicsMagick
Description
This update for GraphicsMagick fixes the following issues: - CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DOS or an unspecified impact (boo#1132058) - CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or information disclosure (boo#1132061) - CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that which allowed attackers to cause DOS via a crafted image file (boo#1132055) - CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c that which allowed attackers to cause a denial of service or information disclosure (boo#1132060) - CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c that which allowed remote attackers to cause DOS or other unspecified impact (boo#1132054) - CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS or information disclosure (boo#1132053) This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-1295=1
Package List
- openSUSE Backports SLE-15 (x86_64): GraphicsMagick-1.3.29-bp150.2.18.1 GraphicsMagick-devel-1.3.29-bp150.2.18.1 libGraphicsMagick++-Q16-12-1.3.29-bp150.2.18.1 libGraphicsMagick++-devel-1.3.29-bp150.2.18.1 libGraphicsMagick-Q16-3-1.3.29-bp150.2.18.1 libGraphicsMagick3-config-1.3.29-bp150.2.18.1 libGraphicsMagickWand-Q16-2-1.3.29-bp150.2.18.1 perl-GraphicsMagick-1.3.29-bp150.2.18.1
References
https://www.suse.com/security/cve/CVE-2019-11005.html https://www.suse.com/security/cve/CVE-2019-11006.html https://www.suse.com/security/cve/CVE-2019-11007.html https://www.suse.com/security/cve/CVE-2019-11008.html https://www.suse.com/security/cve/CVE-2019-11009.html https://www.suse.com/security/cve/CVE-2019-11010.html https://bugzilla.suse.com/1132053 https://bugzilla.suse.com/1132054 https://bugzilla.suse.com/1132055 https://bugzilla.suse.com/1132058 https://bugzilla.suse.com/1132060 https://bugzilla.suse.com/1132061--