SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1783-1
Rating:             important
References:         #965853 #983234 #983259 #983309 #983455 #983521 
                    #983523 #983533 #983752 #983794 #983796 #983799 
                    #983803 #984028 #984032 #984035 #984135 #984142 
                    #984144 #984145 #984150 #984166 #984181 #984193 
                    #984372 #984373 #984375 #984379 #984394 #984398 
                    #984400 #984408 #984409 #984433 #984436 #985442 
                    
Cross-References:   CVE-2014-9805 CVE-2014-9807 CVE-2014-9808
                    CVE-2014-9809 CVE-2014-9810 CVE-2014-9811
                    CVE-2014-9813 CVE-2014-9814 CVE-2014-9815
                    CVE-2014-9816 CVE-2014-9817 CVE-2014-9818
                    CVE-2014-9819 CVE-2014-9820 CVE-2014-9828
                    CVE-2014-9829 CVE-2014-9830 CVE-2014-9831
                    CVE-2014-9834 CVE-2014-9835 CVE-2014-9837
                    CVE-2014-9839 CVE-2014-9840 CVE-2014-9844
                    CVE-2014-9845 CVE-2014-9846 CVE-2014-9847
                    CVE-2014-9853 CVE-2015-8894 CVE-2015-8896
                    CVE-2015-8901 CVE-2015-8903 CVE-2016-2317
                    CVE-2016-2318 CVE-2016-5240 CVE-2016-5241
                    CVE-2016-5688
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 37 vulnerabilities is now available.

Description:

   GraphicsMagick was updated to fix 37 security issues.

   These security issues were fixed:
   - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).
   - CVE-2014-9811: Crash in xwd file handler (bsc#984032).
   - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
   - CVE-2014-9814: NULL pointer dereference in wpg file handling
     (bsc#984193).
   - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
   - CVE-2014-9816: Out of bound access in viff image (bsc#984398).
   - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
   - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
   - CVE-2014-9819: Heap overflow in palm files (bsc#984142).
   - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
   - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
   - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
   - CVE-2014-9834: Heap overflow in pict file (bsc#984436).
   - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
   - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
   - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
   - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG
     (bsc#985442).
   - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
   - CVE-2015-8896: Double free / integer truncation issue in
     coders/pict.c:2000 (bsc#983533).
   - CVE-2014-9807: Double free in pdb coder. (bsc#983794).
   - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
   - CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752).
   - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).
   - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).
   - CVE-2014-9839: Theoretical out of bound access in
     magick/colormap-private.h (bsc#984379).
   - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).
   - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop)
     (bsc#983309).
   - CVE-2014-9840: Out of bound access in palm file (bsc#984433).
   - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder
     (bsc#984144).
   - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion
     (bsc#983455).
   - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
   - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
   - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
   - CVE-2014-9829: Out of bound access in sun file (bsc#984409).
   - CVE-2014-9846: Added checks to prevent overflow in rle file.
     (bsc#983521).
   - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG
     files (bsc#965853).
   - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG
     files (bsc#965853).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-GraphicsMagick-12644=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-GraphicsMagick-12644=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-GraphicsMagick-12644=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      GraphicsMagick-1.2.5-4.41.1
      libGraphicsMagick2-1.2.5-4.41.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-1.2.5-4.41.1
      libGraphicsMagick2-1.2.5-4.41.1
      perl-GraphicsMagick-1.2.5-4.41.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-debuginfo-1.2.5-4.41.1
      GraphicsMagick-debugsource-1.2.5-4.41.1


References:

   https://www.suse.com/security/cve/CVE-2014-9805.html
   https://www.suse.com/security/cve/CVE-2014-9807.html
   https://www.suse.com/security/cve/CVE-2014-9808.html
   https://www.suse.com/security/cve/CVE-2014-9809.html
   https://www.suse.com/security/cve/CVE-2014-9810.html
   https://www.suse.com/security/cve/CVE-2014-9811.html
   https://www.suse.com/security/cve/CVE-2014-9813.html
   https://www.suse.com/security/cve/CVE-2014-9814.html
   https://www.suse.com/security/cve/CVE-2014-9815.html
   https://www.suse.com/security/cve/CVE-2014-9816.html
   https://www.suse.com/security/cve/CVE-2014-9817.html
   https://www.suse.com/security/cve/CVE-2014-9818.html
   https://www.suse.com/security/cve/CVE-2014-9819.html
   https://www.suse.com/security/cve/CVE-2014-9820.html
   https://www.suse.com/security/cve/CVE-2014-9828.html
   https://www.suse.com/security/cve/CVE-2014-9829.html
   https://www.suse.com/security/cve/CVE-2014-9830.html
   https://www.suse.com/security/cve/CVE-2014-9831.html
   https://www.suse.com/security/cve/CVE-2014-9834.html
   https://www.suse.com/security/cve/CVE-2014-9835.html
   https://www.suse.com/security/cve/CVE-2014-9837.html
   https://www.suse.com/security/cve/CVE-2014-9839.html
   https://www.suse.com/security/cve/CVE-2014-9840.html
   https://www.suse.com/security/cve/CVE-2014-9844.html
   https://www.suse.com/security/cve/CVE-2014-9845.html
   https://www.suse.com/security/cve/CVE-2014-9846.html
   https://www.suse.com/security/cve/CVE-2014-9847.html
   https://www.suse.com/security/cve/CVE-2014-9853.html
   https://www.suse.com/security/cve/CVE-2015-8894.html
   https://www.suse.com/security/cve/CVE-2015-8896.html
   https://www.suse.com/security/cve/CVE-2015-8901.html
   https://www.suse.com/security/cve/CVE-2015-8903.html
   https://www.suse.com/security/cve/CVE-2016-2317.html
   https://www.suse.com/security/cve/CVE-2016-2318.html
   https://www.suse.com/security/cve/CVE-2016-5240.html
   https://www.suse.com/security/cve/CVE-2016-5241.html
   https://www.suse.com/security/cve/CVE-2016-5688.html
   https://bugzilla.suse.com/965853
   https://bugzilla.suse.com/983234
   https://bugzilla.suse.com/983259
   https://bugzilla.suse.com/983309
   https://bugzilla.suse.com/983455
   https://bugzilla.suse.com/983521
   https://bugzilla.suse.com/983523
   https://bugzilla.suse.com/983533
   https://bugzilla.suse.com/983752
   https://bugzilla.suse.com/983794
   https://bugzilla.suse.com/983796
   https://bugzilla.suse.com/983799
   https://bugzilla.suse.com/983803
   https://bugzilla.suse.com/984028
   https://bugzilla.suse.com/984032
   https://bugzilla.suse.com/984035
   https://bugzilla.suse.com/984135
   https://bugzilla.suse.com/984142
   https://bugzilla.suse.com/984144
   https://bugzilla.suse.com/984145
   https://bugzilla.suse.com/984150
   https://bugzilla.suse.com/984166
   https://bugzilla.suse.com/984181
   https://bugzilla.suse.com/984193
   https://bugzilla.suse.com/984372
   https://bugzilla.suse.com/984373
   https://bugzilla.suse.com/984375
   https://bugzilla.suse.com/984379
   https://bugzilla.suse.com/984394
   https://bugzilla.suse.com/984398
   https://bugzilla.suse.com/984400
   https://bugzilla.suse.com/984408
   https://bugzilla.suse.com/984409
   https://bugzilla.suse.com/984433
   https://bugzilla.suse.com/984436
   https://bugzilla.suse.com/985442

SuSE: 2016:1783-1: important: GraphicsMagick

July 11, 2016
An update that fixes 37 vulnerabilities is now available

Summary

GraphicsMagick was updated to fix 37 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler (bsc#983803). - CVE-2014-9811: Crash in xwd file handler (bsc#984032). - CVE-2014-9813: Crash on corrupted viff file (bsc#984035). - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193). - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372). - CVE-2014-9816: Out of bound access in viff image (bsc#984398). - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400). - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181). - CVE-2014-9819: Heap overflow in palm files (bsc#984142). - CVE-2014-9830: Handling of corrupted sun file (bsc#984135). - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375). - CVE-2014-9837: Additional PNM sanity checks (bsc#984166). - CVE-2014-9834: Heap overflow in pict file (bsc#984436). - CVE-2014-9853: Memory leak in rle file handling (bsc#984408). - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259). - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234). - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442). - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523). - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533). - CVE-2014-9807: Double free in pdb coder. (bsc#983794). - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028). - CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752). - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796). - CVE-2014-9820: Heap overflow in xpm files (bsc#984150). - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379). - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799). - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (bsc#983309). - CVE-2014-9840: Out of bound access in palm file (bsc#984433). - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder (bsc#984144). - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (bsc#983455). - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394). - CVE-2014-9844: Out of bound issue in rle file (bsc#984373). - CVE-2014-9835: Heap overflow in wpf file (bsc#984145). - CVE-2014-9829: Out of bound access in sun file (bsc#984409). - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521). - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853). - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (bsc#965853). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12644=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12644=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12644=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.41.1 libGraphicsMagick2-1.2.5-4.41.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.41.1 libGraphicsMagick2-1.2.5-4.41.1 perl-GraphicsMagick-1.2.5-4.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.41.1 GraphicsMagick-debugsource-1.2.5-4.41.1

References

#965853 #983234 #983259 #983309 #983455 #983521

#983523 #983533 #983752 #983794 #983796 #983799

#983803 #984028 #984032 #984035 #984135 #984142

#984144 #984145 #984150 #984166 #984181 #984193

#984372 #984373 #984375 #984379 #984394 #984398

#984400 #984408 #984409 #984433 #984436 #985442

Cross- CVE-2014-9805 CVE-2014-9807 CVE-2014-9808

CVE-2014-9809 CVE-2014-9810 CVE-2014-9811

CVE-2014-9813 CVE-2014-9814 CVE-2014-9815

CVE-2014-9816 CVE-2014-9817 CVE-2014-9818

CVE-2014-9819 CVE-2014-9820 CVE-2014-9828

CVE-2014-9829 CVE-2014-9830 CVE-2014-9831

CVE-2014-9834 CVE-2014-9835 CVE-2014-9837

CVE-2014-9839 CVE-2014-9840 CVE-2014-9844

CVE-2014-9845 CVE-2014-9846 CVE-2014-9847

CVE-2014-9853 CVE-2015-8894 CVE-2015-8896

CVE-2015-8901 CVE-2015-8903 CVE-2016-2317

CVE-2016-2318 CVE-2016-5240 CVE-2016-5241

CVE-2016-5688

Affected Products:

SUSE Studio Onsite 1.3

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2014-9805.html

https://www.suse.com/security/cve/CVE-2014-9807.html

https://www.suse.com/security/cve/CVE-2014-9808.html

https://www.suse.com/security/cve/CVE-2014-9809.html

https://www.suse.com/security/cve/CVE-2014-9810.html

https://www.suse.com/security/cve/CVE-2014-9811.html

https://www.suse.com/security/cve/CVE-2014-9813.html

https://www.suse.com/security/cve/CVE-2014-9814.html

https://www.suse.com/security/cve/CVE-2014-9815.html

https://www.suse.com/security/cve/CVE-2014-9816.html

https://www.suse.com/security/cve/CVE-2014-9817.html

https://www.suse.com/security/cve/CVE-2014-9818.html

https://www.suse.com/security/cve/CVE-2014-9819.html

https://www.suse.com/security/cve/CVE-2014-9820.html

https://www.suse.com/security/cve/CVE-2014-9828.html

https://www.suse.com/security/cve/CVE-2014-9829.html

https://www.suse.com/security/cve/CVE-2014-9830.html

https://www.suse.com/security/cve/CVE-2014-9831.html

https://www.suse.com/security/cve/CVE-2014-9834.html

https://www.suse.com/security/cve/CVE-2014-9835.html

https://www.suse.com/security/cve/CVE-2014-9837.html

https://www.suse.com/security/cve/CVE-2014-9839.html

https://www.suse.com/security/cve/CVE-2014-9840.html

https://www.suse.com/security/cve/CVE-2014-9844.html

https://www.suse.com/security/cve/CVE-2014-9845.html

https://www.suse.com/security/cve/CVE-2014-9846.html

https://www.suse.com/security/cve/CVE-2014-9847.html

https://www.suse.com/security/cve/CVE-2014-9853.html

https://www.suse.com/security/cve/CVE-2015-8894.html

https://www.suse.com/security/cve/CVE-2015-8896.html

https://www.suse.com/security/cve/CVE-2015-8901.html

https://www.suse.com/security/cve/CVE-2015-8903.html

https://www.suse.com/security/cve/CVE-2016-2317.html

https://www.suse.com/security/cve/CVE-2016-2318.html

https://www.suse.com/security/cve/CVE-2016-5240.html

https://www.suse.com/security/cve/CVE-2016-5241.html

https://www.suse.com/security/cve/CVE-2016-5688.html

https://bugzilla.suse.com/965853

https://bugzilla.suse.com/983234

https://bugzilla.suse.com/983259

https://bugzilla.suse.com/983309

https://bugzilla.suse.com/983455

https://bugzilla.suse.com/983521

https://bugzilla.suse.com/983523

https://bugzilla.suse.com/983533

https://bugzilla.suse.com/983752

https://bugzilla.suse.com/983794

https://bugzilla.suse.com/983796

https://bugzilla.suse.com/983799

https://bugzilla.suse.com/983803

https://bugzilla.suse.com/984028

https://bugzilla.suse.com/984032

https://bugzilla.suse.com/984035

https://bugzilla.suse.com/984135

https://bugzilla.suse.com/984142

https://bugzilla.suse.com/984144

https://bugzilla.suse.com/984145

https://bugzilla.suse.com/984150

https://bugzilla.suse.com/984166

https://bugzilla.suse.com/984181

https://bugzilla.suse.com/984193

https://bugzilla.suse.com/984372

https://bugzilla.suse.com/984373

https://bugzilla.suse.com/984375

https://bugzilla.suse.com/984379

https://bugzilla.suse.com/984394

https://bugzilla.suse.com/984398

https://bugzilla.suse.com/984400

https://bugzilla.suse.com/984408

https://bugzilla.suse.com/984409

https://bugzilla.suse.com/984433

https://bugzilla.suse.com/984436

https://bugzilla.suse.com/985442

Severity
Announcement ID: SUSE-SU-2016:1783-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved