| Summary: | graphicsmagick new security issues fixed upstream in 1.3.25 (CVE-2016-744[7-9]) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, marja11, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/700838/ | ||
| Whiteboard: | MGA5-32-OK advisory | ||
| Source RPM: | graphicsmagick-1.3.24-1.2.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-09-07 16:42:26 CEST
(In reply to David Walser from comment #0) > > Freeze push requested for Cauldron, updated checked into Mageia 5 SVN. Assigning to you, then ;-) CC:
(none) =>
marja11 Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: A possible heap overflow of the EscapeParenthesis() function. The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU. The TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software. References: http://www.openwall.com/lists/oss-security/2016/09/07/4 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.25-1.mga5 libgraphicsmagick3-1.3.25-1.mga5 libgraphicsmagick++12-1.3.25-1.mga5 libgraphicsmagickwand2-1.3.25-1.mga5 libgraphicsmagick-devel-1.3.25-1.mga5 perl-Graphics-Magick-1.3.25-1.mga5 graphicsmagick-doc-1.3.25-1.mga5 from graphicsmagick-1.3.25-1.mga5.src.rpm Assignee:
luigiwalser =>
qa-bugs MGA5-32 on Acer D620 Xfce No installation issues. Used CLI gm display <some jpeg> gm convert xxxx.jpg xxxx.png all with success CC:
(none) =>
herman.viaene
Herman Viaene
2016-09-13 15:12:01 CEST
Whiteboard:
(none) =>
MGA5-32-OK
David Walser
2016-09-15 19:34:00 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/700838/ CVEs assigned: http://openwall.com/lists/oss-security/2016/09/18/8 Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: A possible heap overflow of the EscapeParenthesis() function (CVE-2016-7447). The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU (CVE-2016-7448). The TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software (CVE-2016-7449). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7449 http://openwall.com/lists/oss-security/2016/09/18/8
David Walser
2016-09-19 18:55:59 CEST
Summary:
graphicsmagick new security issues fixed upstream in 1.3.25 =>
graphicsmagick new security issues fixed upstream in 1.3.25 (CVE-2016-744[7-9])
Dave Hodgins
2016-09-28 04:05:57 CEST
Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0325.html Status:
NEW =>
RESOLVED |