Three security issues fixed upstream in graphicsmagick have been announced: http://openwall.com/lists/oss-security/2017/08/18/4 http://openwall.com/lists/oss-security/2017/08/18/3 http://openwall.com/lists/oss-security/2017/08/18/5 The commit links with the fixes are linked in the messages above. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer. CC'ing some committers.
CC: (none) => mageia, makowski.mageia, marja11, nicolas.salguero, olav, rverscheldeAssignee: bugsquad => pkg-bugs
pushed in updates_testing src.rpm: graphicsmagick-1.3.26-1.1.mga6 graphicsmagick-1.3.26-1.2.mga5
Version: Cauldron => 6CC: (none) => mageiaWhiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: pkg-bugs => qa-bugs
The Mageia 5 package has a higher release tag.
CC: (none) => qa-bugsAssignee: qa-bugs => mageia
Fixed :)
Assignee: mageia => qa-bugs
Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: Invalid memory read in SetImageColorCallBack() in image.c (CVE-2017-12935). Use-after-free in ReadWMFImage() in wmf.c (CVE-2017-12936). Heap-based buffer overflow in ReadSUNImage() in sun.c (CVE-2017-12937). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12935 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12937 http://openwall.com/lists/oss-security/2017/08/18/4 http://openwall.com/lists/oss-security/2017/08/18/3 http://openwall.com/lists/oss-security/2017/08/18/5 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.26-1.2.mga5 libgraphicsmagick3-1.3.26-1.2.mga5 libgraphicsmagick++12-1.3.26-1.2.mga5 libgraphicsmagickwand2-1.3.26-1.2.mga5 libgraphicsmagick-devel-1.3.26-1.2.mga5 perl-Graphics-Magick-1.3.26-1.2.mga5 graphicsmagick-doc-1.3.26-1.2.mga5 graphicsmagick-1.3.26-1.3.mga6 libgraphicsmagick3-1.3.26-1.3.mga6 libgraphicsmagick++12-1.3.26-1.3.mga6 libgraphicsmagickwand2-1.3.26-1.3.mga6 libgraphicsmagick-devel-1.3.26-1.3.mga6 perl-Graphics-Magick-1.3.26-1.3.mga6 graphicsmagick-doc-1.3.26-1.3.mga6 from SRPMS: graphicsmagick-1.3.26-1.2.mga5.src.rpm graphicsmagick-1.3.26-1.3.mga6.src.rpm
CC: qa-bugs => (none)
MGA5-32 on Asus A6000VM Xfce Refer to QA procedure for this package. Not everything as successful as one could expect. At CLI: $ gm display 001.tif is OK $ gm convert 1973.pnm 1973.jpg resulting jpg displays OK in ristretto, but $ gm convert 1973.jpg 1973.tif gm convert: 1973.tif: Invalid tag "BadFaxLines" (not supported by codec). (_TIFFVGetField). thus converting a jpg which is the result of gm convert fails $ gm convert 1973.pnm 1973.tif So converting my original pnm to tif is OK. $ gm identify 1973.jpg 1973.jpg JPEG 2904x4208+0+0 DirectClass 8-bit 483.2Ki 0.000u 0m:0.000005s seems OK $ gm montage 1062.jpg 1973.jpg P7212389.jpg montage.jpg resulting montage.jpg displays OK in gm display and in ristretto. Leaving OK for someone else to judge on the prblem above.
CC: (none) => herman.viaene
I have seen that BadFaxLines message several times before but have ignored it (I think) because the conversions have succeeded. Had not thought to try converting back. Again it might be worth posting a bug on this. I shall try 64-bits and decide after that.
CC: (none) => tarazed25
Testing on mga6, x86_64 Found reproducer files for the three CVEs and ran them without benefit of the ASAN framework. $FILE represents the file indicated against the CVE. The original ASAN tests ended with Abort. CVE-2017-12935 00303-graphicsmagick-invalidread-SetImageColorCallBack $ gm convert -clip -negate $FILE out gm convert: abort due to signal 7 (SIGBUS) "Bus Error"... Aborted (core dumped) CVE-2017-12936 00302-graphicsmagick-UAF-ReadWMFImage $ gm convert -negate -clip $FILE out ERROR: player.c (159): Unexpected EOF! gm convert: Failed to scan file (00302-graphicsmagick-UAF-ReadWMFImage). CVE-2017-12937 00304-graphicsmagick-heapoverflow-ReadSUNImage $ gm convert -clip -negate $FILE out gm convert: Invalid colormap index (index 1 >= 1 colors, 00304-graphicsmagick-heapoverflow-ReadSUNImage). Forgot to change the name of the output file. $ file out out: Sun raster image data, 24 x 4, 1-bit, no colormap gm display showed a horizontal white bar, 4 pixels high. Update tests later.
Installed the updates - graphicsmagick-1.3.26-1.3.mga6.x86_64 - graphicsmagick-doc-1.3.26-1.3.mga6.noarch - lib64graphicsmagick++12-1.3.26-1.3.mga6.x86_64 - lib64graphicsmagick-devel-1.3.26-1.3.mga6.x86_64 - lib64graphicsmagick3-1.3.26-1.3.mga6.x86_64 - lib64graphicsmagickwand2-1.3.26-1.3.mga6.x86_64 - perl-Graphics-Magick-1.3.26-1.3.mga6.x86_64 Tried the PoCs: $ gm convert -clip -negate 00303-graphicsmagick-invalidread-SetImageColorCallBack out1 gm convert: Improper image header (00303-graphicsmagick-invalidread-SetImageColorCallBack). $ gm convert -clip -negate 00302-graphicsmagick-UAF-ReadWMFImage out2 ERROR: player.c (159): Unexpected EOF! gm convert: Failed to scan file (00302-graphicsmagick-UAF-ReadWMFImage). $ gm convert -clip -negate 00304-graphicsmagick-heapoverflow-ReadSUNImage out3 gm convert: Invalid colormap index (index 1 >= 1 colors, 00304-graphicsmagick-heapoverflow-ReadSUNImage). Tests 2 and 3 are equivocal compared with the earlier report but none of them produce an output file, indicating that the patches have worked.
Rémi, the previous update said we fixed CVE-2017-11403, but what about the other CVEs in this SUSE advisory from today (August 22)? https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00059.html
Test procedure: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick gm convert image4.jpg image4.png gm convert image4.jpg image4.tiff gm convert image4.jpg image4.pdf gm convert -rotate +90 image4.jpg filename4_rotate.jpg gm display filename4_rotate.jpg gm display -flip image4.tiff gm identify image4.jpg execute "perl gmtest.pl" ( creates an animated gif from 4 images ) In VirtualBox, M6, MATE, 32-bit Package(s) under test: graphicsmagick perl-Graphics-Magick libgraphicsmagick3 default install of graphicsmagick perl-Graphics-Magick & libgraphicsmagick3 [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi libgraphicsmagick3 Package libgraphicsmagick3-1.3.26-1.1.mga6.i586 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF viewable in Firefox install graphicsmagick perl-Graphics-Magick & libgraphicsmagick3 from updates_testing [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.3.mga6.i586 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.3.mga6.i586 is already installed [root@localhost wilcal]# urpmi libgraphicsmagick3 Package libgraphicsmagick3-1.3.26-1.3.mga6.i586 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF viewable in Firefox
CC: (none) => wilcal.int
Whiteboard: MGA5TOO => MGA5TOO MGA6-32-OK
In VirtualBox, M6, MATE, 64-bit Package(s) under test: graphicsmagick perl-Graphics-Magick lib64graphicsmagick3 default install of graphicsmagick perl-Graphics-Magick & lib64graphicsmagick3 [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64graphicsmagick3 Package lib64graphicsmagick3-1.3.26-1.1.mga6.x86_64 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF that is viewable in Firefox install graphicsmagick perl-Graphics-Magick & lib64graphicsmagick3 from updates_testing [root@localhost graphicsmagick_test]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.3.mga6.x86_64 is already installed [root@localhost graphicsmagick_test]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.3.mga6.x86_64 is already installed [root@localhost graphicsmagick_test]# urpmi lib64graphicsmagick3 Package lib64graphicsmagick3-1.3.26-1.3.mga6.x86_64 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF that is viewable in Firefox
Whiteboard: MGA5TOO MGA6-32-OK => MGA5TOO MGA6-32-OK MGA6-64-OK
In VirtualBox, M6, KDE, 32-bit Package(s) under test: graphicsmagick perl-Graphics-Magick libgraphicsmagick3 default install of graphicsmagick perl-Graphics-Magick & libgraphicsmagick3 [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libgraphicsmagick3 Package libgraphicsmagick3-1.3.26-1.1.mga5.i586 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF that is viewable in Firefox install graphicsmagick perl-Graphics-Magick & libgraphicsmagick3 from updates_testing [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.2.mga5.i586 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.2.mga5.i586 is already installed [root@localhost wilcal]# urpmi libgraphicsmagick3 Package libgraphicsmagick3-1.3.26-1.2.mga5.i586 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF viewable in Firefox
Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK => MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK
1st line in Comment 13 s/b: In VirtualBox, M5.1, KDE, 32-bit
In VirtualBox, M5.1, KDE, 64-bit Package(s) under test: graphicsmagick perl-Graphics-Magick lib64graphicsmagick3 default install of graphicsmagick perl-Graphics-Magick & lib64graphicsmagick3 [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64graphicsmagick3 Package lib64graphicsmagick3-1.3.26-1.1.mga5.x86_64 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF that is viewable in Firefox install graphicsmagick perl-Graphics-Magick & lib64graphicsmagick3 from updates_testing [root@localhost wilcal]# urpmi graphicsmagick Package graphicsmagick-1.3.26-1.2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi perl-Graphics-Magick Package perl-Graphics-Magick-1.3.26-1.2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64graphicsmagick3 Package lib64graphicsmagick3-1.3.26-1.2.mga5.x86_64 is already installed Per: https://wiki.mageia.org/en/QA_procedure:GraphicsMagick graphicsmagick conversions work, perl script creates an animated GIF that is viewable in Firefox
Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK => MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK MGA5-64-OK
This update works fine. Testing complete for MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
GraphicsMagick utility tests There are a lot of clever things that can be done with GM but lets just stay with the simple ones. Animation: $ gm animate duck*.gif That displayed the moving duck - a series of 16 frames. Create a thumbnail: $ gm convert -size 100x100 saturn_cassini.jpg -resize 100x100 +profile "*" saturn.png Too big? Shrink it in place. $ gm mogrify -resize 60% saturn.png Inspect image files: $ gm identify saturn_cassini.jpg saturn_cassini.jpg JPEG 1024x1024+0+0 DirectClass 8-bit 54.1Ki 0.000u 0m:0.000001s $ gm identify saturn.png saturn.png PNG 60x60+0+0 DirectClass 8-bit 2.4Ki 0.000u 0m:0.000001s Add a coloured border to an image: $ gm convert -border 30x30 -bordercolor OliveDrab Enceladus_cross-section_1.jpg bordermoon.jpg Flip image upside-down: $ gm convert -flip bordermoon.jpg flipped.jpg Create a montage from a set of images: $ gm montage duck*.gif ducks.png Tried display with various image formats; jpg, gif, png already confirmed. ppm, bmp, pnm, jpc and targa all OK. $ gm identify PIA13706_fig1.tif PIA13706_fig1.tif TIFF 8192x7051+0+0 DirectClass 8-bit 13.0Mi 0.000u 0m:0.000002s $ gm display PIA13706_fig1.tif No problem with that or an icon fatbot.tif. $ gm convert -resize 40% PIA13706_fig1.tif mars_crater.tif gm convert: mars_crater.tif: Invalid tag "BadFaxLines" (not supported by codec). (_TIFFVGetField). $ gm display mars_crater.tif The resized image displayed fine. $ gm convert -resize 40% mars_crater.tif SantaMaria.png $ gm display SantaMaria.png Perfectly OK. $ gm identify SantaMaria.png SantaMaria.png PNG 1311x1128+0+0 DirectClass 8-bit 932.1Ki 0.000u 0m:0.000002s $ gm convert SantaMaria.png SantaMaria.tiff gm convert: SantaMaria.tiff: Invalid tag "BadFaxLines" (not supported by codec). (_TIFFVGetField). $ gm identify SantaMaria.tiff SantaMaria.tiff TIFF 1311x1128+0+0 DirectClass 8-bit 1.0Mi 0.000u 0m:0.000002s $ gm display SantaMaria.tiff That looked fina as well. So, no real problems, although I could not figure out how to annotate an image using -label, -font, -fill etc. Without going any further I would say that GraphicsMagick is functional. @Herman: you should go ahead and OK i586. Oops - I see wilcal has preempted me.
CC: (none) => davidwhodginsWhiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK MGA5-64-OK => MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0297.html
Status: NEW => RESOLVEDResolution: (none) => FIXED