[ubuntu/trusty-security] graphicsmagick 1.3.18-1ubuntu3.1 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Wed Oct 31 13:52:40 UTC 2018


graphicsmagick (1.3.18-1ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (out-of-bounds read) in PCX parser code 
    - debian/patches/CVE-2014-8355.patch: fix in coders/pcx.c
    - CVE-2014-8355
  * SECURITY UPDATE: DoS (uninitialized memory access) via a crafted GIF
    file.
    - debian/patches/CVE-2015-8808.patch: Assure that GIF decoder does
      not use unitialized data.
    - CVE-2015-8808
  * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
    - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
    - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
    - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
    - CVE-2016-2317
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
    file.
    - debian/patches/CVE-2016-2318.patch: Make SVG path and other
      primitive parsing more robust
    - CVE-2016-2318
  * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
    a crafted image file.
    - debian/patches/CVE-2016-3714.patch: Remove delegates support for
      reading gnuplot files.
    - CVE-2016-3714
  * SECURITY UPDATE: Remote attackers are able to delete arbitrary files
    via a crafted image.
    - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
      prefix.
    - CVE-2016-3715
  * SECURITY UPDATE: Remote attackers can move arbitrary files via a
    crafted image. 
    - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
      on MSL files.
    - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
      format based on file extension.
    - CVE-2016-3716
  * SECURITY UPDATE: Remote attackers can read arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
    - CVE-2016-3717
  * SECURITY UPDATE: Remote attackers can conduct server-side request
    forgery (SSRF) attacks via a crafted image.
    - debian/patches/CVE-2016-3718.patch: fix in render.c
    - CVE-2016-3718
  * SECURITY UPDATE: Remote attackers can execute arbitrary files via a 
    pipe character at the start of a filename.
    - debian/patches/CVE-2016-5118.patch: remove support for reading
      input from a shell command or writing output to a shell command
    - CVE-2016-5118
  * SECURITY UPDATE: Remote attackers can execute arbitrary commands via
    unspecified vectors.
    - debian/patches/CVE-2016-5239.patch: remove delegates support for
      Gnuplot and varios other file types.
    - CVE-2016-5239
  * SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
    converting a circularly defined SVG file.
    - debian/patches/CVE-2016-5240.patch: endless loop problem caused by
      negative stroke-dasharray arguments
    - CVE-2016-5240
  * SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
    and application crash) via a crafted svg file. 
    - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
      fill or stroke pattern image has zero columns or rows
    - CVE-2016-5241
  * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
    - debian/patches/CVE-2016-7446.patch: fix in svg.c
    - CVE-2016-7446
  * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
    - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
      EscapeParenthesis() in annotate.c
    - CVE-2016-7447
  * SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
    via vectors involving the header information and the file size.
    - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
    - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
    - CVE-2016-7448
  * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
    an "unterminated" string.
    - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun 
      if buffer not null terminated
    - CVE-2016-7449
  * SECURITY UPDATE: Integer underflow in the parse8BIM function.
    - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
    - CVE-2016-7800
  * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
    reader.
    - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
    - CVE-2016-7996
    - CVE-2016-7997
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
    - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
      while reading SCT file header.
    - CVE-2016-8682
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted PCX image.
    - debian/patches/CVE-2016-8683.patch: check that filesize is
      reasonable given header.
    - CVE-2016-8683
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted SGI image.
    - debian/patches/CVE-2016-8684.patch: Check that filesize is
      reasonable given header.
    - CVE-2016-8684
  * SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
    - debian/patches/CVE-2016-9830.patch: enforce spec requirement that
      the dimensions of the JPEG embedded in a JDAT chunk must match the
      JHDR dimensions.
    - CVE-2016-9830

Date: 2018-10-30 20:05:12.971655+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.18-1ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list