SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:3435-1
Rating:             important
References:         #1050632 #1052450 #1054757 #1055214 #1056426 
                    #1056429 #1057508 #1058485 #1058637 #1066003 
                    #1067181 #1067184 #1067409 
Cross-References:   CVE-2016-7996 CVE-2017-11640 CVE-2017-12587
                    CVE-2017-12983 CVE-2017-13134 CVE-2017-13776
                    CVE-2017-13777 CVE-2017-14165 CVE-2017-14341
                    CVE-2017-14342 CVE-2017-15930 CVE-2017-16545
                    CVE-2017-16546 CVE-2017-16669
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This update for GraphicsMagick fixes the following issues:

     * CVE-2017-11640: NULL pointer dereference in WritePTIFImage() in
       coders/tiff.c could lead to denial of service [bsc#1050632]
     * CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c
       could lead to denial of service [bsc#1058485]
     * CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead
       to denial of service [bsc#1058637]
     * CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could
       lead to denial of service [bsc#1067181]
     * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c has
       validation problems that could lead to denial of service [bsc#1067184]
     * CVE-2017-16669: coders/wpg.c allows remote attackers to cause a
       denial of service via a crafted file [bsc#1067409]
     * CVE-2017-13776: denial of service issue in ReadXBMImage() in
       coders/xbm.c [bsc#1056429]
     * CVE-2017-13777: denial of service issue in ReadXBMImage() in
       coders/xbm.c [bsc#1056426]
     * CVE-2017-13134: heap-based buffer over-read in the function SFWScan in
       coders/sfw.c could lead to denial of service via a crafted file
       [bsc#1055214]
     * CVE-2017-15930: NULL pointer dereference while transferring JPEG
       scanlines could lead to denial of service [bsc#1066003]
     * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage
       function in coders/sfw.c allows remote attackers to cause a denial of
       service (application crash) or possibly have unspecified other impact
       via a crafted file. [bsc#1054757]
     * CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue
       where memory allocation is excessive because it depends only on a
       length field in a header. This may lead to remote denial of service in
       the MagickMalloc function in magick/memory.c. [bsc#1057508]
     * CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function
       in coders/pwp.c. [bsc#1052450]


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-GraphicsMagick-13386=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-GraphicsMagick-13386=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-GraphicsMagick-13386=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      GraphicsMagick-1.2.5-4.78.19.1
      libGraphicsMagick2-1.2.5-4.78.19.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-1.2.5-4.78.19.1
      libGraphicsMagick2-1.2.5-4.78.19.1
      perl-GraphicsMagick-1.2.5-4.78.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-debuginfo-1.2.5-4.78.19.1
      GraphicsMagick-debugsource-1.2.5-4.78.19.1
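
   The following script is an added example and is not part of the SUSE
   advisory or of the GraphicsMagick project. It checks whether the
   GraphicsMagick packages installed on a host are at or above the fixed
   build listed above (1.2.5-4.78.19.1). It assumes rpm's
   "%{NAME} %{VERSION}-%{RELEASE}" query output; the version-comparison
   helper vr_cmp is a hypothetical, simplified one that handles only numeric
   segments, and the two SAMPLE_* lines are constructed, not captured from a
   real host.

```sh
#!/bin/sh
# Added example, not part of the SUSE advisory: report whether the installed
# GraphicsMagick packages are at or above the fixed build from the package
# list (1.2.5-4.78.19.1). Assumes rpm's "%{NAME} %{VERSION}-%{RELEASE}" query
# output; the sample lines near the end are constructed, not captured.

FIXED_VR="1.2.5-4.78.19.1"   # version-release from the advisory's package list

# Hypothetical helper: compare two version-release strings segment by segment,
# treating '-' like '.', numerically. Prints 0 if a == b, 1 if a > b, 2 if
# a < b. It handles only numeric segments (enough for these builds); the
# real rpm comparison (rpmvercmp) also orders letters and tildes.
vr_cmp() {
  # A trailing dot guarantees cut always sees a delimiter, so a field past
  # the end comes back empty rather than as the whole string.
  a=$(printf '%s.' "$1" | tr '-' '.')
  b=$(printf '%s.' "$2" | tr '-' '.')
  i=1
  while :; do
    sa=$(printf '%s' "$a" | cut -d. -f"$i")
    sb=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ -z "$sa" ] && [ -z "$sb" ]; then
      echo 0; return
    fi
    sa=${sa:-0}; sb=${sb:-0}   # a missing trailing segment counts as 0
    if [ "$sa" -gt "$sb" ]; then echo 1; return; fi
    if [ "$sa" -lt "$sb" ]; then echo 2; return; fi
    i=$((i + 1))
  done
}

# Classify one "name version-release" line. A build older than the fix is
# reported VULNERABLE; the fixed build or anything newer is OK.
check_line() {
  name=${1%% *}
  vr=${1#* }
  case $(vr_cmp "$vr" "$FIXED_VR") in
    2) echo "$name $vr VULNERABLE (fixed in $FIXED_VR)" ;;
    *) echo "$name $vr OK" ;;
  esac
}

# Query the three binary packages named in the advisory. Packages that are
# not installed are skipped rather than reported.
check_installed() {
  rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
      GraphicsMagick libGraphicsMagick2 perl-GraphicsMagick 2>/dev/null |
    grep -v 'not installed' |
    while IFS= read -r line; do check_line "$line"; done
}

# Constructed sample lines standing in for rpm output on an unpatched and a
# patched host; used when rpm is not available (e.g. when run off-box).
SAMPLE_OLD="GraphicsMagick 1.2.5-4.78.18.2"
SAMPLE_NEW="libGraphicsMagick2 1.2.5-4.78.19.1"

main() {
  if command -v rpm >/dev/null 2>&1; then
    check_installed
  else
    check_line "$SAMPLE_OLD"
    check_line "$SAMPLE_NEW"
  fi
}

main "$@"
```

   On a SUSE host the script queries rpm directly and prints one line per
   installed package; anywhere else it falls back to the constructed samples.
   The numeric comparison is deliberately minimal: for anything beyond a
   quick post-patch check, rely on zypper itself ("zypper patches" lists the
   patch state) or on rpm's own version ordering.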


References:

   https://www.suse.com/security/cve/CVE-2016-7996.html
   https://www.suse.com/security/cve/CVE-2017-11640.html
   https://www.suse.com/security/cve/CVE-2017-12587.html
   https://www.suse.com/security/cve/CVE-2017-12983.html
   https://www.suse.com/security/cve/CVE-2017-13134.html
   https://www.suse.com/security/cve/CVE-2017-13776.html
   https://www.suse.com/security/cve/CVE-2017-13777.html
   https://www.suse.com/security/cve/CVE-2017-14165.html
   https://www.suse.com/security/cve/CVE-2017-14341.html
   https://www.suse.com/security/cve/CVE-2017-14342.html
   https://www.suse.com/security/cve/CVE-2017-15930.html
   https://www.suse.com/security/cve/CVE-2017-16545.html
   https://www.suse.com/security/cve/CVE-2017-16546.html
   https://www.suse.com/security/cve/CVE-2017-16669.html
   https://bugzilla.suse.com/1050632
   https://bugzilla.suse.com/1052450
   https://bugzilla.suse.com/1054757
   https://bugzilla.suse.com/1055214
   https://bugzilla.suse.com/1056426
   https://bugzilla.suse.com/1056429
   https://bugzilla.suse.com/1057508
   https://bugzilla.suse.com/1058485
   https://bugzilla.suse.com/1058637
   https://bugzilla.suse.com/1066003
   https://bugzilla.suse.com/1067181
   https://bugzilla.suse.com/1067184
   https://bugzilla.suse.com/1067409

December 27, 2017