Bug 984150 - (CVE-2014-9820) VUL-0: CVE-2014-9820: GraphicsMagick,ImageMagick: heap overflow in xpm files
(CVE-2014-9820)
VUL-0: CVE-2014-9820: GraphicsMagick,ImageMagick: heap overflow in xpm files
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Petr Gajdos
Security Team bot
https://smash.suse.de/issue/169730/
CVSSv2:RedHat:CVE-2014-9820:4.3:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-10 11:57 UTC by Marcus Meissner
Modified: 2017-10-09 11:41 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2016-06-10 12:52:29 UTC
code is the same in sle11 im, sle12 im and sle11 gm
Comment 2 Swamp Workflow Management 2016-06-10 22:02:13 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-06-15 09:21:59 UTC
Fixed everywhere.
Comment 4 Petr Gajdos 2016-06-23 13:06:56 UTC
I believe all fixed.
Comment 5 Swamp Workflow Management 2016-07-01 15:11:15 UTC
openSUSE-SU-2016:1724-1: An update that fixes 37 vulnerabilities is now available.

Category: security (important)
Bug References: 965853,983234,983259,983309,983455,983521,983523,983533,983752,983794,983796,983799,983803,984028,984032,984035,984135,984142,984144,984145,984150,984166,984181,984193,984372,984373,984375,984379,984394,984398,984400,984408,984409,984433,984436,985442
CVE References: CVE-2014-9805,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9837,CVE-2014-9839,CVE-2014-9840,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9853,CVE-2015-8894,CVE-2015-8896,CVE-2015-8901,CVE-2015-8903,CVE-2016-2317,CVE-2016-2318,CVE-2016-5240,CVE-2016-5241,CVE-2016-5688
Sources used:
openSUSE 13.2 (src):    GraphicsMagick-1.3.20-9.1
Comment 6 Swamp Workflow Management 2016-07-06 19:09:28 UTC
openSUSE-SU-2016:1748-1: An update that fixes 68 vulnerabilities is now available.

Category: security (important)
Bug References: 983232,983234,983253,983259,983292,983305,983308,983521,983523,983527,983533,983739,983746,983752,983774,983794,983796,983799,983803,984014,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984149,984150,984160,984166,984172,984179,984181,984183,984184,984185,984186,984187,984191,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984404,984406,984408,984409,984427,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9821,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9825,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9832,CVE-2014-9833,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9841,CVE-2014-9842,CVE-2014-9843,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9848,CVE-2014-9849,CVE-2014-9850,CVE-2014-9851,CVE-2014-9852,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8895,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8900,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
openSUSE 13.2 (src):    ImageMagick-6.8.9.8-26.1
Comment 7 Swamp Workflow Management 2016-07-11 14:13:13 UTC
SUSE-SU-2016:1782-1: An update that fixes 57 vulnerabilities is now available.

Category: security (important)
Bug References: 983234,983253,983259,983292,983305,983308,983521,983523,983533,983739,983746,983752,983774,983794,983796,983799,983803,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984150,984160,984166,984181,984184,984185,984186,984187,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984408,984409,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9842,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9849,CVE-2014-9851,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.45.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.45.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.45.1
Comment 8 Swamp Workflow Management 2016-07-11 14:23:52 UTC
SUSE-SU-2016:1783-1: An update that fixes 37 vulnerabilities is now available.

Category: security (important)
Bug References: 965853,983234,983259,983309,983455,983521,983523,983533,983752,983794,983796,983799,983803,984028,984032,984035,984135,984142,984144,984145,984150,984166,984181,984193,984372,984373,984375,984379,984394,984398,984400,984408,984409,984433,984436,985442
CVE References: CVE-2014-9805,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9837,CVE-2014-9839,CVE-2014-9840,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9853,CVE-2015-8894,CVE-2015-8896,CVE-2015-8901,CVE-2015-8903,CVE-2016-2317,CVE-2016-2318,CVE-2016-5240,CVE-2016-5241,CVE-2016-5688
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.41.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.41.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.41.1
Comment 9 Swamp Workflow Management 2016-07-11 14:32:28 UTC
SUSE-SU-2016:1784-1: An update that fixes 68 vulnerabilities is now available.

Category: security (important)
Bug References: 983232,983234,983253,983259,983292,983305,983308,983521,983523,983527,983533,983739,983746,983752,983774,983794,983796,983799,983803,984014,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984149,984150,984160,984166,984172,984179,984181,984183,984184,984185,984186,984187,984191,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984404,984406,984408,984409,984427,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9821,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9825,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9832,CVE-2014-9833,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9841,CVE-2014-9842,CVE-2014-9843,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9848,CVE-2014-9849,CVE-2014-9850,CVE-2014-9851,CVE-2014-9852,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8895,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8900,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
SUSE Linux Enterprise Server 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
Comment 10 Swamp Workflow Management 2016-07-20 10:14:44 UTC
openSUSE-SU-2016:1833-1: An update that fixes 68 vulnerabilities is now available.

Category: security (important)
Bug References: 983232,983234,983253,983259,983292,983305,983308,983521,983523,983527,983533,983739,983746,983752,983774,983794,983796,983799,983803,984014,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984149,984150,984160,984166,984172,984179,984181,984183,984184,984185,984186,984187,984191,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984404,984406,984408,984409,984427,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9821,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9825,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9832,CVE-2014-9833,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9841,CVE-2014-9842,CVE-2014-9843,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9848,CVE-2014-9849,CVE-2014-9850,CVE-2014-9851,CVE-2014-9852,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8895,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8900,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
openSUSE Leap 42.1 (src):    ImageMagick-6.8.8.1-15.1
Comment 11 Bernhard Wiedemann 2016-08-05 10:02:27 UTC
This is an autogenerated message for OBS integration:
This bug (984150) was mentioned in
https://build.opensuse.org/request/show/417050 42.1 / GraphicsMagick
Comment 12 Swamp Workflow Management 2016-08-15 13:12:59 UTC
openSUSE-SU-2016:2073-1: An update that fixes 22 vulnerabilities is now available.

Category: security (important)
Bug References: 965853,983309,983455,983521,983523,983533,983752,983794,983799,984142,984145,984150,984166,984372,984375,984379,984394,984400,984408,984436,985442
CVE References: CVE-2014-9805,CVE-2014-9807,CVE-2014-9809,CVE-2014-9815,CVE-2014-9817,CVE-2014-9819,CVE-2014-9820,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9837,CVE-2014-9839,CVE-2014-9845,CVE-2014-9846,CVE-2014-9853,CVE-2015-8894,CVE-2015-8896,CVE-2016-2317,CVE-2016-2318,CVE-2016-5240,CVE-2016-5241,CVE-2016-5688
Sources used:
openSUSE Leap 42.1 (src):    GraphicsMagick-1.3.21-11.1
Comment 13 Bernhard Wiedemann 2016-11-29 17:01:39 UTC
This is an autogenerated message for OBS integration:
This bug (984150) was mentioned in
https://build.opensuse.org/request/show/442718 42.2 / GraphicsMagick
Comment 14 Swamp Workflow Management 2016-12-08 17:14:05 UTC
openSUSE-SU-2016:3060-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 1000399,1000434,1000689,1000698,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,1007245,1011130,982178,983521,983752,983794,983799,984145,984150,984166,984372,984375,984394,984400,984436
CVE References: CVE-2014-9805,CVE-2014-9807,CVE-2014-9809,CVE-2014-9815,CVE-2014-9817,CVE-2014-9820,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9837,CVE-2014-9845,CVE-2014-9846,CVE-2014-9853,CVE-2016-5118,CVE-2016-6823,CVE-2016-7101,CVE-2016-7515,CVE-2016-7522,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684,CVE-2016-8862,CVE-2016-9556
Sources used:
openSUSE Leap 42.2 (src):    GraphicsMagick-1.3.25-3.1
Comment 15 Petr Gajdos 2017-10-09 11:41:26 UTC
Fix is already in GraphicsMagick mercurial head.