Fedora has issued an advisory on August 21: https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137120.html We first encountered this in Bug 12742, but it only affected older versions of ImageMagick than what we had. It was found that it also affects GraphicsMagick, however. Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated graphicsmagick packages fix security vulnerability: A buffer overflow flaw was found in the way GraphicsMagick writes PSD images when the input data has a large number of layers. Due to the compilation options used in Mageia, the buffer overflow is reduced to a crash, making this a denial of service issue (CVE-2014-1947). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1947 https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137120.html ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.17-2.3.mga3 libgraphicsmagick3-1.3.17-2.3.mga3 libgraphicsmagickwand2-1.3.17-2.3.mga3 libgraphicsmagick-devel-1.3.17-2.3.mga3 perl-Graphics-Magick-1.3.17-2.3.mga3 graphicsmagick-doc-1.3.17-2.3.mga3 graphicsmagick-1.3.18-3.2.mga4 libgraphicsmagick3-1.3.18-3.2.mga4 libgraphicsmagickwand2-1.3.18-3.2.mga4 libgraphicsmagick-devel-1.3.18-3.2.mga4 perl-Graphics-Magick-1.3.18-3.2.mga4 graphicsmagick-doc-1.3.18-3.2.mga4 from SRPMS: graphicsmagick-1.3.17-2.3.mga3.src.rpm graphicsmagick-1.3.18-3.2.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Testing procedure: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick
CC: (none) => remiWhiteboard: MGA3TOO => MGA3TOO has_procedure
100% success with Mageia 4 64 bits
CC: (none) => lebarhon
Remember to add mga4-64-ok in the whiteboard please André
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga4-64-ok
100% success with Mageia 4 32 bit, in a VM.
Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure mga4-64-ok mga4-32-ok
In VirtualBox, M3, KDE, 32-bit Package(s) under test: graphicsmagick [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.17-2.2.mga3.i586 is already installed Reference: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick Testing procedure for perl-Graphics-Magick My code reads as follows: #!/usr/local/bin/perl # taken from http://www.graphicsmagick.org/perl.html#example-script use Graphics::Magick; my($image, $status); $image = Graphics::Magick->new; $status = $image->Read('image1.png', 'image2.png', 'image3.png'); warn "$status" if "$status"; $status = $image->Write('x.gif'); warn "$status" if "$status"; Results in the following: [wilcal@localhost test_images]$ perl test.pl Can't locate Graphics/Magick.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.16.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.16.3 /usr/lib/perl5/vendor_perl/5.16.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.16.3 /usr/lib/perl5/5.16.3/i386-linux-thread-multi /usr/lib/perl5/5.16.3 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.16.3 /usr/lib/perl5/vendor_perl/5.16.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.16.2 /usr/lib/perl5/vendor_perl/5.16.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl .) at test.pl line 3. BEGIN failed--compilation aborted at test.pl line 3. No animated GIF generated. What am I doing wrong?
CC: (none) => wilcal.int
To use graphicsmagick with perl, you need to install perl-Graphics-Magick (which is also part of the update candidate).
(In reply to Rémi Verschelde from comment #6) > To use graphicsmagick with perl, you need to install perl-Graphics-Magick > (which is also part of the update candidate). Thanks Rémi, that did it. Not installed with graphicsmagick.
(In reply to William Kenney from comment #7) > > Thanks Rémi, that did it. Not installed with graphicsmagick. Yes it's not a strict requirement for GraphicsMagick: Basically GraphicsMagick is an independent tool and library, that you can use directly with its "gm" binary. The library can also be used in other environments such as in perl programs, but for this the perl bindings are necessary, hence the need for a perl-Graphics-Magick package. But the latter is not _required_ to use GraphicsMagick, that's why it's not installed by default :-)
In VirtualBox, M3, KDE, 32-bit Package(s) under test: graphicsmagick perl-Graphics-Magick default install of graphicsmagick & perl-Graphics-Magick [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.17-2.2.mga3.i586 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.17-2.2.mga3.i586 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF install graphicsmagick & perl-Graphics-Magick from updates_testing [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.17-2.3.mga3.i586 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.17-2.3.mga3.i586 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO has_procedure mga4-64-ok mga4-32-ok => MGA3TOO has_procedure mga4-64-ok mga4-32-ok MGA3-32-OK
In VirtualBox, M3, KDE, 64-bit Package(s) under test: graphicsmagick lib64graphicsmagick3 perl-Graphics-Magick default install of graphicsmagick lib64graphicsmagick3 & perl-Graphics-Magick [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.17-2.2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi lib64graphicsmagick3 Package lib64graphicsmagick3-1.3.17-2.2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.17-2.2.mga3.x86_64 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF install graphicsmagick & perl-Graphics-Magick from updates_testing [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.17-2.3.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi lib64graphicsmagick3 Package lib64graphicsmagick3-1.3.17-2.3.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.17-2.3.mga3.x86_64 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO has_procedure mga4-64-ok mga4-32-ok MGA3-32-OK => MGA3TOO has_procedure mga4-64-ok mga4-32-ok MGA3-32-OK MGA3-64-OK
For me this update works fine. Testing complete for mga3 32-bit & 64-bit Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks all.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory from comment 0 uploaded.
Whiteboard: MGA3TOO has_procedure mga4-64-ok mga4-32-ok MGA3-32-OK MGA3-64-OK => MGA3TOO has_procedure advisory mga4-64-ok mga4-32-ok MGA3-32-OK MGA3-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0370.html
Status: NEW => RESOLVEDResolution: (none) => FIXED