-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2018-1049ca4872 2018-02-14 17:01:43.077684 --------------------------------------------------------------------------------
Name : GraphicsMagick Product : Fedora EPEL 6 Version : 1.3.28 Release : 1.el6 URL : http://www.graphicsmagick.org/ Summary : An ImageMagick fork, offering faster image generation and better quality Description : GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. -------------------------------------------------------------------------------- Update Information: Latest stable release, includes many bug and security fixes. See also http://www.graphicsmagick.org/NEWS.html#january-20-2017 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473729 [ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473741 [ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of service in ReadJPEGImage function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473752 [ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in WritePCLImage() in coders/pcl.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475454 [ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in WriteRGBImage in coders/rgb.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475458 [ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475490 [ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in WriteCMYKImagefunction in coders/cmyk.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475498 [ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1484483 [ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1512038 [ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1512049 [ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in ReadOneJNGImage function in coders/png.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1528037 [ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in ReadPALMImage in coders/palm.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1528051 [ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the function ReadMNGImage in coders/png.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1529535 [ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in WriteWEBPImage in coders/webp.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1529557 [ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1529580 [ 16 ] Bug #1536951 - CVE-2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1536951 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update GraphicsMagick' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ epel-package-announce mailing list -- epel-package-announce@lists.fedoraproject.org To unsubscribe send an email to epel-package-announce-le...@lists.fedoraproject.org