Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

openSUSE: 2019:1355-1 Moderate: GraphicsMagick Buffer Overflow

opensuse
Calendar Grey May 9, 2019
Dist Opensuse Esm H88
Updates to address several medium-level security vulnerabilities in GraphicsMagick are now accessible for openSUSE users.
An update that fixes 6 vulnerabilities is now available.

Description

This update for GraphicsMagick fixes the following issues:

Security issues fixed:

- CVE-2019-11506: Fixed a heap-based buffer overflow in the function

WriteMATLABImage (boo#1133498).

- CVE-2019-11505: Fixed a heap-based buffer overflow in the function

WritePDBImage (boo#1133501).

The following fixes where modified and refreshed:

- CVE-2019-11008: Fixed a heap-based buffer overflow in the function

WriteXWDImage (boo#1132054).

- CVE-2019-11009: Fixed a heap-based buffer over-read in the function

ReadXWDImage (boo#1132053).

- CVE-2019-11473: Fixed an out-of-bounds read leading to a possible denial

of service in coders/xwd.c (boo#1133203).

- CVE-2019-11474: Fixed a floating-point exception leading to a possible

denial of service in coders/xwd.c (boo#1133202).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1355=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-135.1

GraphicsMagick-debuginfo-1.3.25-135.1

GraphicsMagick-debugsource-1.3.25-135.1

GraphicsMagick-devel-1.3.25-135.1

libGraphicsMagick++-Q16-12-1.3.25-135.1

libGraphicsMagick++-Q16-12-debuginfo-1.3.25-135.1

libGraphicsMagick++-devel-1.3.25-135.1

libGraphicsMagick-Q16-3-1.3.25-135.1

libGraphicsMagick-Q16-3-debuginfo-1.3.25-135.1

libGraphicsMagick3-config-1.3.25-135.1

libGraphicsMagickWand-Q16-2-1.3.25-135.1

libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-135.1

perl-GraphicsMagick-1.3.25-135.1

perl-GraphicsMagick-debuginfo-1.3.25-135.1

References

https://www.suse.com/security/cve/CVE-2019-11008.html

https://www.suse.com/security/cve/CVE-2019-11009.html

https://www.suse.com/security/cve/CVE-2019-11473.html

https://www.suse.com/security/cve/CVE-2019-11474.html

https://www.suse.com/security/cve/CVE-2019-11505.html

https://www.suse.com/security/cve/CVE-2019-11506.html

https://bugzilla.suse.com/1132053

https://bugzilla.suse.com/1132054

https://bugzilla.suse.com/1133202

https://bugzilla.suse.com/1133203

https://bugzilla.suse.com/1133498

https://bugzilla.suse.com/1133501

--

Announcement ID: openSUSE-SU-2019:1355-1
Rating: moderate
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.