——————————————————————————–
Fedora Update Notification
FEDORA-2018-7c61d08c4f
2018-01-31 21:56:56.444040
——————————————————————————–
Name : GraphicsMagick
Product : Fedora 27
Version : 1.3.28
Release : 1.fc27
URL : http://www.graphicsmagick.org/
Summary : An ImageMagick fork, offering faster image generation and better quality
Description :
GraphicsMagick is a comprehensive image processing package which is initially
based on ImageMagick 5.5.2, but which has undergone significant re-work by
the GraphicsMagick Group to significantly improve the quality and performance
of the software.
——————————————————————————–
Update Information:
Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
——————————————————————————–
References:
[ 1 ] Bug #1536950 – GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536950
[ 2 ] Bug #1529579 – CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529579
[ 3 ] Bug #1529558 – CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in WriteWEBPImage in coders/webp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529558
[ 4 ] Bug #1529536 – CVE-2017-17915 GraphicsMagick: Memory leak in the function ReadMNGImage in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529536
[ 5 ] Bug #1528050 – CVE-2017-17783 GraphicsMagick: heap based buffer over-read in ReadPALMImage in coders/palm.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528050
[ 6 ] Bug #1528038 – CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in ReadOneJNGImage function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528038
[ 7 ] Bug #1515317 – CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1515317
[ 8 ] Bug #1512039 – CVE-2017-16669 GraphicsMagick: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512039
[ 9 ] Bug #1484484 – CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484484
[ 10 ] Bug #1475499 – CVE-2017-11643 GraphicsMagick: Heap based over-write in WriteCMYKImagefunction in coders/cmyk.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475499
[ 11 ] Bug #1475491 – CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475491
[ 12 ] Bug #1475457 – CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in WriteRGBImage in coders/rgb.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475457
[ 13 ] Bug #1475453 – CVE-2017-11637 GraphicsMagick: NULL pointer dereference in WritePCLImage() in coders/pcl.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475453
[ 14 ] Bug #1473751 – CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of service in ReadJPEGImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473751
[ 15 ] Bug #1473745 – CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473745
[ 16 ] Bug #1473730 – CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473730
[ 17 ] Bug #1536770 – GraphicsMagick-1.3.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1536770
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade GraphicsMagick’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org