摘要:
GraphicsMagick security update
安全等级: Medium
公告ID: KylinSec-SA-2023-2307
发布日期: 2023年11月10日
关联CVE: CVE-2020-21679
GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler's SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 89 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP.
Security Fix(es):
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.(CVE-2020-21679)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2020-21679 | KY3.5.2 | GraphicsMagick | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| GraphicsMagick-help | noarch | 1.3.41-1.ky3_5 |
| GraphicsMagick-c++ | x86_64 | 1.3.41-1.ky3_5 |
| GraphicsMagick | x86_64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-perl | x86_64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-devel | x86_64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-c++-devel | x86_64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-devel | aarch64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-c++ | aarch64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-perl | aarch64 | 1.3.41-1.ky3_5 |
| GraphicsMagick-c++-devel | aarch64 | 1.3.41-1.ky3_5 |
| GraphicsMagick | aarch64 | 1.3.41-1.ky3_5 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
