--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-bfb9835edd
2018-01-31 18:03:07.862682
--------------------------------------------------------------------------------
Name : GraphicsMagick
Product : Fedora 26
Version : 1.3.28
Release : 1.fc26
URL :
http://www.graphicsmagick.org/
Summary : An ImageMagick fork, offering faster image generation and better quality
Description :
GraphicsMagick is a comprehensive image processing package which is initially
based on ImageMagick 5.5.2, but which has undergone significant re-work by
the GraphicsMagick Group to significantly improve the quality and performance
of the software.
--------------------------------------------------------------------------------
Update Information:
Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536950 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and
application hang in coders/bmp.c:ReadBMPImage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536950
[ 2 ] Bug #1529579 - CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer
over-read in ReadNewsProfile in coders/tiff.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529579
[ 3 ] Bug #1529558 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in
WriteWEBPImage in coders/webp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529558
[ 4 ] Bug #1529536 - CVE-2017-17915 GraphicsMagick: Memory leak in the function
ReadMNGImage in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529536
[ 5 ] Bug #1528050 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in
ReadPALMImage in coders/palm.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528050
[ 6 ] Bug #1528038 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in
ReadOneJNGImage function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528038
[ 7 ] Bug #1515317 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory
information disclosure in DescribeImage function in magick/describe.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1515317
[ 8 ] Bug #1512039 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in
AcquireCacheNexus function in magick/pixel_cache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512039
[ 9 ] Bug #1484484 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage
function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484484
[ 10 ] Bug #1475499 - CVE-2017-11643 GraphicsMagick: Heap based over-write in
WriteCMYKImagefunction in coders/cmyk.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475499
[ 11 ] Bug #1475491 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in
magick/pixel_cache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475491
[ 12 ] Bug #1475457 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in
WriteRGBImage in coders/rgb.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475457
[ 13 ] Bug #1475453 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in
WritePCLImage() in coders/pcl.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475453
[ 14 ] Bug #1473751 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of
service in ReadJPEGImage function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473751
[ 15 ] Bug #1473745 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the
ReadOneJNGImage() function in coders/png.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473745
[ 16 ] Bug #1473730 - CVE-2017-11102 GraphicsMagick: Input validation failure in
ReadOneJNGImage function may cause denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473730
[ 17 ] Bug #1536770 - GraphicsMagick-1.3.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1536770
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade GraphicsMagick' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------