openSUSE Security Update : GraphicsMagick (openSUSE-2019-397)

medium Nessus Plugin ID 123441

Synopsis

The remote openSUSE host is missing a security update.

Description

GraphicsMagick was updated to 1.3.29 :

- Security Fixes :

- GraphicsMagick is now participating in Google's oss-fuzz project

- JNG: Require that the embedded JPEG image have the same dimensions as the JNG image as provided by JHDR. Avoids a heap write overflow.

- MNG: Arbitrarily limit the number of loops which may be requested by the MNG LOOP chunk to 512 loops, and provide the '-define mng:maximum-loops=value' option in case the user wants to change the limit. This fixes a denial of service caused by large LOOP specifications.

- Bug fixes :

- DICOM: Pre/post rescale functions are temporarily disabled (until the implementation is fixed).

- JPEG: Fix regression in last release in which reading some JPEG files produces the error 'Improper call to JPEG library in state 201'.

- ICON: Some DIB-based Windows ICON files were reported as corrupt due to an unexpectedly missing opacity mask image.

- In-memory Blob I/O: Don't implicitly increase the allocation size due to seek offsets.

- MNG: Detect and handle failure to allocate global PLTE. Fix divide by zero.

- DrawGetStrokeDashArray(): Check for failure to allocate memory.

- BlobToImage(): Now produces useful exception reports to cover the cases where 'magick' was not set and the file format could not be deduced from its header.

- API Updates :

- Wand API: Added MagickIsPaletteImage(), MagickIsOpaqueImage(), MagickIsMonochromeImage(), MagickIsGrayImage(), MagickHasColormap() based on contributions by Troy Patteson.

- New structure ImageExtra added and Image 'clip_mask' member is replaced by 'extra' which points to private ImageExtra allocation. The ImageGetClipMask() function now provides access to the clip mask image.

- New structure DrawInfoExtra and DrawInfo 'clip_path' is replaced by 'extra' which points to private DrawInfoExtra allocation. The DrawInfoGetClipPath() function now provides access to the clip path.

- New core library functions: GetImageCompositeMask(), CompositeMaskImage(), CompositePathImage(), SetImageCompositeMask(), ImageGetClipMask(), ImageGetCompositeMask(), DrawInfoGetClipPath(), DrawInfoGetCompositePath()

- Deprecated core library functions: RegisterStaticModules(), UnregisterStaticModules().

- Feature improvements :

- Static modules (in static library or shared library without dynamically loadable modules) are now lazy-loaded using the same external interface as the lazy-loader for dynamic modules. This results in more similarity between the builds and reduces the fixed initialization overhead by only initializing the modules which are used.

- SVG: The quality of SVG support has been significantly improved due to the efforts of Greg Wolfe.

- FreeType/TTF rendering: Rendering fixes for opacity.

Solution

Update the affected GraphicsMagick packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1094352

Plugin Details

Severity: Medium

ID: 123441

File Name: openSUSE-2019-397.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/28/2019

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:graphicsmagick, p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo, p-cpe:/a:novell:opensuse:graphicsmagick-debugsource, p-cpe:/a:novell:opensuse:graphicsmagick-devel, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo, p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel, p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3, p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo, p-cpe:/a:novell:opensuse:libgraphicsmagick3-config, p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2, p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo, p-cpe:/a:novell:opensuse:perl-graphicsmagick, p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/23/2019

Vulnerability Publication Date: 3/23/2019