SUSE-SU-2016:3256-1

Published: 23 Dec 2016
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130]
  • CVE-2016-9559: Possible Null pointer access found by fuzzing [bsc#1011136]
  • CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159]
  • CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376]
  • CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318]

Package list

SUSE Linux Enterprise Server 11 SP4:
  • libMagickCore1-6.4.3.6-7.60.1
  • libMagickCore1-32bit-6.4.3.6-7.60.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:
  • libMagickCore1-6.4.3.6-7.60.1
  • libMagickCore1-32bit-6.4.3.6-7.60.1

SUSE Linux Enterprise Software Development Kit 11 SP4:
  • ImageMagick-6.4.3.6-7.60.1
  • ImageMagick-devel-6.4.3.6-7.60.1
  • libMagick++-devel-6.4.3.6-7.60.1
  • libMagick++1-6.4.3.6-7.60.1
  • libMagickWand1-6.4.3.6-7.60.1
  • libMagickWand1-32bit-6.4.3.6-7.60.1
  • perl-PerlMagick-6.4.3.6-7.60.1

Description

The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.


Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.60.1

Description

An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality.


Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.60.1

Description

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.


Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.60.1

Description

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.


Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.60.1

Description

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.


Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.60.1

Description

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.


Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.60.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.60.1
