openSUSE has issued an advisory on April 25:
https://lists.opensuse.org/opensuse-updates/2019-04/msg00188.html

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some committers.
Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, marja11, mrambo, nicolas.salguero, smelror
Summary: graphicsmagick new security issues CVE-2019-1100[5-9] and CVE-2019-11010 => graphicsmagick new security issues CVE-2019-1100[5-9], CVE-2019-11010, CVE-2019-1147[34] and CVE-2019-1150[56]
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. (CVE-2019-11005)

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. (CVE-2019-11006)

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. (CVE-2019-11007)

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (CVE-2019-11008)

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-11009)

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. (CVE-2019-11010)

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. (CVE-2019-11473)

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. (CVE-2019-11474)

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. (CVE-2019-11505)

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. (CVE-2019-11506)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11506
https://lists.opensuse.org/opensuse-updates/2019-04/msg00188.html
========================

Updated packages in core/updates_testing:
========================
graphicsmagick-1.3.31-1.5.mga6
lib(64)graphicsmagick3-1.3.31-1.5.mga6
lib(64)graphicsmagick++12-1.3.31-1.5.mga6
lib(64)graphicsmagickwand2-1.3.31-1.5.mga6
lib(64)graphicsmagick-devel-1.3.31-1.5.mga6
perl-Graphics-Magick-1.3.31-1.5.mga6
graphicsmagick-doc-1.3.31-1.5.mga6

from SRPMS:
graphicsmagick-1.3.31-1.5.mga6.src.rpm
Version: Cauldron => 6
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA6TOO => (none)
Source RPM: graphicsmagick-1.3.31-5.mga7.src.rpm => graphicsmagick-1.3.31-1.4.mga6.src.rpm
Created attachment 11069 [details] POC tests before and after
CC: (none) => tarazed25
Created attachment 11070 [details] Example output from 'gm import' command
mga6, x86_64

Checked CVEs before and after the updates - see attachment.
A few of the POC tests indicate that the issues had already been fixed and the rest of them validate the recent patches.

$ gm version
GraphicsMagick 1.3.31 2018-11-17 Q8 http://www.GraphicsMagick.org/
Copyright (C) 2002-2018 GraphicsMagick Group.
<and a surfeit of other information>

$ cat gmtest.pl
#!/bin/env perl
# http://www.graphicsmagick.org/perl.html#example-script
use Graphics::Magick;
my($image, $status);
$image = Graphics::Magick->new;
$status = $image->Read('frame1.png', 'frame2.png', 'frame3.png', 'frame4.png');
warn "$status" if "$status";
$status = $image->Write('frames.gif');
warn "$status" if "$status";

$ ls frame?.png
frame1.png frame3.png frame5.png frame7.png frame9.png
frame2.png frame4.png frame6.png frame8.png
$ gmtest.pl
$ gm identify frames.gif
frames.gif[0] GIF 3008x2000+0+0 PseudoClass 256c 8-bit 9.7Mi 0.000u 0m:0.000002s
frames.gif[1] GIF 3008x2000+0+0 PseudoClass 256c 8-bit 9.7Mi 0.080u 0m:0.076800s
frames.gif[2] GIF 1440x1080+0+0 PseudoClass 256c 8-bit 9.7Mi 0.040u 0m:0.032041s
frames.gif[3] GIF 2000x1500+0+0 PseudoClass 256c 8-bit 9.7Mi 0.020u 0m:0.019655s
$ gm display frames.gif
Using the 'next' function displayed each frame in turn.

$ gm import bugz.png
Use mouse to define a rectangle on the screen and left-click to save it to a file.

$ gm convert -rotate 180 GlenShiel_4.jpg flipped.ppm
The resultant image shows a bit of Scotland upside down.

$ gm montage loch*.png showcase.pgm
This produced a thumbnail greyscale index of 11 images in a 6x2 mosaic, including the montage itself. Colours were preserved by specifying a PNG output file.

There is still a problem with conversions to TIFF format. SVG can be converted but without colour and lacking detail.

http://www.graphicsmagick.org/perl.html#example-script
$ perl imagestack.pl
$ gm identify x.gif
x.gif[0] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000004s
x.gif[1] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000333s
x.gif[2] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000243s
x.gif[3] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000144s
$ gm animate -delay 50 x.gif
Continuous loop animation at 2 frames per second.

$ gm mogrify -resize 200% JessicaAlba.tif
$ gm display JessicaAlba.tif
Original image multiplied in area by 4.

$ cat graffiti.pl
#!/bin/env perl
use Graphics::Magick;
my($image, $p, $q);
$image = Graphics::Magick->new;
$image->Set(size=>'100x100');
$image->ReadImage('xc:white');
#$image->Set('pixel[49,49]'=>'red');
$image->Draw(stroke=>'red', primitive=>'rectangle', points=>'20,20 80,80');
$image->Write('x.ppm');
undef $image;
$p = Graphics::Magick->new;
$p->Read('J*.jpg');
$p->Draw(stroke=>'red', primitive=>'rectangle', points=>'20,20 80,80');
$p->Write('xyz.ppm');
undef $p;

$ ./graffiti.pl
This produced a new image x.ppm showing a red rectangle on a white background and a modified image with a red rectangle superimposed.

These sample tests should be enough to show that GM is in good shape.
Whiteboard: (none) => MGA6-64-OK
Validating. Suggested advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Just noting that this needs to be pushed in Mageia 7/Cauldron as well as Mageia 6.
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0187.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED