Description
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c (bsc#1042826)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072)
Package list
SUSE Linux Enterprise Server 11 SP4
libMagickCore1-6.4.3.6-7.78.5.2
libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libMagickCore1-6.4.3.6-7.78.5.2
libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Software Development Kit 11 SP4
ImageMagick-6.4.3.6-7.78.5.2
ImageMagick-devel-6.4.3.6-7.78.5.2
libMagick++-devel-6.4.3.6-7.78.5.2
libMagick++1-6.4.3.6-7.78.5.2
libMagickWand1-6.4.3.6-7.78.5.2
libMagickWand1-32bit-6.4.3.6-7.78.5.2
perl-PerlMagick-6.4.3.6-7.78.5.2
References
- Link for SUSE-SU-2017:2176-1
- E-Mail link for SUSE-SU-2017:2176-1
- SUSE Security Ratings
- SUSE Bug 1042826
- SUSE Bug 1043289
- SUSE Bug 1049072
- SUSE CVE CVE-2017-11403 page
- SUSE CVE CVE-2017-9439 page
- SUSE CVE CVE-2017-9501 page
Description
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.5.2
References
- CVE-2017-11403
- SUSE Bug 1049072
- SUSE Bug 1053809
- SUSE Bug 1053919
- SUSE Bug 1054600
- SUSE Bug 1057000
- SUSE Bug 1084062
Description
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.5.2
References
- CVE-2017-9439
- SUSE Bug 1042826
- SUSE Bug 1053919
Description
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Affected products
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.5.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.5.2
References
- CVE-2017-9501
- SUSE Bug 1043289
- SUSE Bug 1053919