Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3238-1 Final 1 1 2016-12-22T10:02:00Z current 2016-12-22T10:02:00Z 2016-12-22T10:02:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This security update for GraphicsMagick fixes the following issues: - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318) - maliciously crafted jng files could crash the identify utility (CVE-2016-9830, boo#1013640) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html E-Mail link for openSUSE-SU-2016:3238-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 GraphicsMagick-1.3.25-6.1 GraphicsMagick-devel-1.3.25-6.1 libGraphicsMagick++-Q16-11-1.3.21-23.1 libGraphicsMagick++-Q16-12-1.3.25-6.1 libGraphicsMagick++-devel-1.3.25-6.1 libGraphicsMagick-Q16-3-1.3.25-6.1 libGraphicsMagick3-config-1.3.25-6.1 libGraphicsMagickWand-Q16-2-1.3.25-6.1 perl-GraphicsMagick-1.3.25-6.1 GraphicsMagick-1.3.25-6.1 as a component of openSUSE Leap 42.1 GraphicsMagick-devel-1.3.25-6.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-Q16-11-1.3.21-23.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-Q16-12-1.3.25-6.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-devel-1.3.25-6.1 as a component of openSUSE Leap 42.1 libGraphicsMagick-Q16-3-1.3.25-6.1 as a component of openSUSE Leap 42.1 libGraphicsMagick3-config-1.3.25-6.1 as a component of openSUSE Leap 42.1 libGraphicsMagickWand-Q16-2-1.3.25-6.1 as a component of openSUSE Leap 42.1 perl-GraphicsMagick-1.3.25-6.1 as a component of openSUSE Leap 42.1 GraphicsMagick-1.3.25-6.1 as a component of openSUSE Leap 42.2 GraphicsMagick-devel-1.3.25-6.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-Q16-11-1.3.21-23.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-Q16-12-1.3.25-6.1 as a component of openSUSE Leap 42.2 libGraphicsMagick++-devel-1.3.25-6.1 as a component of openSUSE Leap 42.2 libGraphicsMagick-Q16-3-1.3.25-6.1 as a component of openSUSE Leap 42.2 libGraphicsMagick3-config-1.3.25-6.1 as a component of openSUSE Leap 42.2 libGraphicsMagickWand-Q16-2-1.3.25-6.1 as a component of openSUSE Leap 42.2 perl-GraphicsMagick-1.3.25-6.1 as a component of openSUSE Leap 42.2 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. CVE-2016-8866 openSUSE Leap 42.1:GraphicsMagick-1.3.25-6.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-23.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-12-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.25-6.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.25-6.1 openSUSE Leap 42.2:GraphicsMagick-1.3.25-6.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-11-1.3.21-23.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-6.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-6.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html https://www.suse.com/security/cve/CVE-2016-8866.html CVE-2016-8866 https://bugzilla.suse.com/1007245 SUSE Bug 1007245 https://bugzilla.suse.com/1009318 SUSE Bug 1009318 https://bugzilla.suse.com/1031267 SUSE Bug 1031267 The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. CVE-2016-9830 openSUSE Leap 42.1:GraphicsMagick-1.3.25-6.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-23.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-12-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.25-6.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.25-6.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.25-6.1 openSUSE Leap 42.2:GraphicsMagick-1.3.25-6.1 openSUSE Leap 42.2:GraphicsMagick-devel-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-11-1.3.21-23.1 openSUSE Leap 42.2:libGraphicsMagick++-Q16-12-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick++-devel-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick-Q16-3-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagick3-config-1.3.25-6.1 openSUSE Leap 42.2:libGraphicsMagickWand-Q16-2-1.3.25-6.1 openSUSE Leap 42.2:perl-GraphicsMagick-1.3.25-6.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html https://www.suse.com/security/cve/CVE-2016-9830.html CVE-2016-9830 https://bugzilla.suse.com/1013640 SUSE Bug 1013640