Debian Bug report logs -
#894396
graphicsmagick: CVE-2018-9018
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>
:
Bug#894396
; Package src:graphicsmagick
.
(Thu, 29 Mar 2018 19:33:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>
.
(Thu, 29 Mar 2018 19:33:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: graphicsmagick
Version: 1.3.28-1
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/554/
Control: found -1 1.3.20-3
Hi,
The following vulnerability was published for graphicsmagick:
CVE-2018-9018[0]:
| In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage
| function of coders/png.c. Remote attackers could leverage this
| vulnerability to cause a crash and denial of service via a crafted mng
| file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-9018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9018
[1] https://sourceforge.net/p/graphicsmagick/bugs/554/
[2] http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
Regards,
Salvatore
Marked as found in versions graphicsmagick/1.3.20-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org
.
(Thu, 29 Mar 2018 19:33:05 GMT) (full text, mbox, link).
Reply sent
to Laszlo Boszormenyi (GCS) <gcs@debian.org>
:
You have taken responsibility.
(Sat, 31 Mar 2018 19:51:04 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Sat, 31 Mar 2018 19:51:04 GMT) (full text, mbox, link).
Message #12 received at 894396-close@bugs.debian.org (full text, mbox, reply):
Source: graphicsmagick
Source-Version: 1.3.28-2
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 894396@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 31 Mar 2018 11:05:51 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.28-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 894396
Changes:
graphicsmagick (1.3.28-2) unstable; urgency=high
.
* Backport security fixes:
- don't use rescale map if it was not allocated,
- validate number of colormap bits to avoid undefined shift behavior,
- defend against partial scanf() expression matching, resulting in benign
use of uninitialized data,
- don't use rescale map if it was not allocated,
- fix tile index overflow,
- reject XPM if it contains non-whitespace control characters,
- fix forged amount of frames 6755,
- validate header length and offset properties,
- fixed memory leak when tile overflows,
- fix forged amount of frames 7076,
- check for forged image that overflows file size,
- validate size request prior to allocation,
- validate that file size is sufficient for claimed image properties,
- fix signed integer overflow when computing pixels size,
- include number of FITS scenes in file size validations,
- allocate space for null termination and null terminate string,
- validate that samples per pixel is in valid range,
- check whether datablock is really read,
- verify that sufficient backing data exists before allocating memory to
read it,
- duplicate image check for data with fixed geometry,
- CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
changed while ticks_per_second is zero (closes: #894396),
- add checks for EOF,
- validate that PICT rectangles do not have zero dimensions,
- check image pixel limits before allocating memory for tile.
* Backport patch to redesign ReadBlobDwordLSB() to be more effective.
* Backport patch to destroy tile_image in ThrowPICTReaderException() macro
to simplify logic.
* Backport patch to remove shadowed tile_image variable which defeats new
ThrowPICTReaderException() implementation.
Checksums-Sha1:
b4464f9bb498db098b59ffe96b5f94326ad8b6a6 2797 graphicsmagick_1.3.28-2.dsc
390f37f53838d700b397d0fd3174dceec71275ef 160056 graphicsmagick_1.3.28-2.debian.tar.xz
9d3624bf6db0d0cc006740f14d17b6663dfb02d3 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
bcc6d1b28d96b3e5fc63d8a894dd9b78bb60d11c 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
78d757c30b9460f877ccd612807f4e3e75ebf968 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
45f233716d8a6b12ad8f6c14c78b47740d968050 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
a71ef0ec9b263e03bdf9e977452f7d727ffa4b38 877600 graphicsmagick_1.3.28-2_amd64.deb
04f107a3b1d27c769dc8794bf8c89f0c0c46b514 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
ca4a7e860412653bad1921b1642bdf9d336fbced 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
1f2ccbfd746b763458c32f56f61ad96b030cd802 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
108c430f75d23f7491a71d2dadb089756d0e16cd 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
c84f5a0d29a038fc6e9c25560a9cf5c7b1a5f912 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Checksums-Sha256:
0671ceead3d4f720a8a2ce4e1647ebb17f6933d5f7cbaf10b707260c6c61a25a 2797 graphicsmagick_1.3.28-2.dsc
68f6349179985aa130e2b0794649f1c5d0574fd12cc97bb801d9743c6362c234 160056 graphicsmagick_1.3.28-2.debian.tar.xz
ebc581df0c76be14e4815c70e687ac3ff1f2222c1c8bbb20002325b6da371895 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
823d6a690a68a2700745cee17dadc063139d1c0a54e0fbb3ce9755fadb84b618 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
599d1eb3b37d596b947d828c2db1b9edf7bb57bef371f03b0d2326568ee6dbc4 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
c0813c138faa251426b36f74a1ac14b19188889c83e40df0cf177a4d3be2fd7d 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
9e64bb3e3be5dc7a39f152aa372e014b974a1c2ff87e0e8ecb2a837da28f7748 877600 graphicsmagick_1.3.28-2_amd64.deb
42965ddab07a9ceea9779b2f2ddcffb3d273ef1973e379c0727204062231470c 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
3027039592618d4e78f534136a8fbf0b0f51f10fce2b8f25737987fab09bc5f5 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
0c4f399b0410ba5b0b5b3ae1e9349d3c45a045f41d90563920921334c2a37df0 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
198cbd30ba820ae361d1cf195fe8049338d4e677812206d14f201a6568103e19 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
78a93c82b88bcc6754de2e3821be7bbabe61b22cc8c7446bc55025f20e7e77b8 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Files:
250731224a0493bcd1e5a53ea2ca908f 2797 graphics optional graphicsmagick_1.3.28-2.dsc
865c0b168fd1e45e0c13139d2437396c 160056 graphics optional graphicsmagick_1.3.28-2.debian.tar.xz
78bfead8e742260ed8f14e935f7fb43e 3191296 debug optional graphicsmagick-dbg_1.3.28-2_amd64.deb
031d7c23a0e4ae52f626ebc2ce3886a9 23628 graphics optional graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
f1c0cc0318a2aa508969cfbeecd31171 27064 graphics optional graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
04441f7f28a4bb74825ef0be365b67f1 11585 graphics optional graphicsmagick_1.3.28-2_amd64.buildinfo
eb1c0ed1b7b7c095d0b18c3b7ab849e6 877600 graphics optional graphicsmagick_1.3.28-2_amd64.deb
5f5d3491df50a87cb4d98c563291cac4 70404 perl optional libgraphics-magick-perl_1.3.28-2_amd64.deb
bfeea401156b22be0cff51de90338168 118268 libs optional libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
89a42fbc27d6f059824331eb048c3a21 303072 libdevel optional libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
af2312352800d2ec18e57fd08db412f0 1120000 libs optional libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
789039bad9d157b18223c74e693f524b 1345600 libdevel optional libgraphicsmagick1-dev_1.3.28-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlq/4nkACgkQ3OMQ54ZM
yL+G5Q//T83yQyWAoqyNXQjc86frf4CPl5w2DbUpBE0lCQTLm5ifFEZusFvqfOod
7x11jbq/c5X7baqEGK6+UdCBs5uRusM6juNmo8hFLkdMKHK09u832jE4tLN3JtIm
tWv1S+2hTFiDdhlLImRfcAGDQIW2AemolVTvK9pu8fNglXj6Ftrmb3LlmV1RsUA/
lQBbRpg8a5GlOjk9+tmcpD7d0U/fMXHr9ndrbqDmJdRVfLhMDnzl1v9HwJykeb/A
FY8Lxdz5D6IBv0O1jK1C72gZlBY5JogiXQsuvEXGzxwReinwszmbhgl1eyMYSbO4
uz2DK8/95xHFIGzndt5rNcbEwv/NFDmdciA2sAPYKsPSVg7WEJe/Br/DFsLx4mxc
3XSuq+8rWFlL6/Y+dhVDYwtSO3UPxB4BQgaLWqx1qyEk+nPokffBlG8gA72DbACz
zMQkSG+MfZsY5uF7d/ZVN3n4GuTBhM2LMd3dW3k/6fBj+eAUlW+400tvksbpMHPf
NXUJbWW4nTqkLBh46WZonVDug80/q7ElguCCV3HgrZkzhmlxSUQ4nSB859EkITmc
p4GTSkrmeWGNs61i2SXoKRMEHSs/ml17dKwJQnuHhAwa7xyAkT15E2Ux7BjHAPOi
RoxMOLe+AvFSLwB8lYD/VD6R2+0e6C3Amv1Bi7QSO3OC9fXrZyM=
=Wuxa
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 01 May 2018 07:33:31 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:27:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.