openSUSE Security Update : GraphicsMagick (openSUSE-2017-1346)

High Nessus Plugin ID 105233

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

 - CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181).

 - CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485).

 - CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409).

 - CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a validation problems could lead to a denial of service (bsc#1067184).

 - CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637).

 - CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162).

 - CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632).

Solution

Update the affected GraphicsMagick packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1050632

https://bugzilla.opensuse.org/show_bug.cgi?id=1056162

https://bugzilla.opensuse.org/show_bug.cgi?id=1058485

https://bugzilla.opensuse.org/show_bug.cgi?id=1058637

https://bugzilla.opensuse.org/show_bug.cgi?id=1067181

https://bugzilla.opensuse.org/show_bug.cgi?id=1067184

https://bugzilla.opensuse.org/show_bug.cgi?id=1067409

Plugin Details

Severity: High

ID: 105233

File Name: openSUSE-2017-1346.nasl

Version: Revision: 3.2

Type: local

Agent: unix

Published: 2017/12/14

Updated: 2018/01/26

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:GraphicsMagick, p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo, p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource, p-cpe:/a:novell:opensuse:GraphicsMagick-devel, p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12, p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo, p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel, p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3, p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo, p-cpe:/a:novell:opensuse:libGraphicsMagick3-config, p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2, p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo, p-cpe:/a:novell:opensuse:perl-GraphicsMagick, p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/12/05

Reference Information

CVE: CVE-2017-11640, CVE-2017-13737, CVE-2017-14341, CVE-2017-14342, CVE-2017-16545, CVE-2017-16546, CVE-2017-16669