Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826)
- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812)
- CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
ImageMagick-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP3
ImageMagick-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Server 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Server 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.5.3
libMagickWand-6_Q16-1-6.8.8.1-71.5.3
SUSE Linux Enterprise Software Development Kit 12 SP2
ImageMagick-6.8.8.1-71.5.3
ImageMagick-devel-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-devel-6.8.8.1-71.5.3
perl-PerlMagick-6.8.8.1-71.5.3
SUSE Linux Enterprise Software Development Kit 12 SP3
ImageMagick-6.8.8.1-71.5.3
ImageMagick-devel-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagick++-devel-6.8.8.1-71.5.3
perl-PerlMagick-6.8.8.1-71.5.3
SUSE Linux Enterprise Workstation Extension 12 SP2
ImageMagick-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Workstation Extension 12 SP3
ImageMagick-6.8.8.1-71.5.3
libMagick++-6_Q16-3-6.8.8.1-71.5.3
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
Ссылки
- Link for SUSE-SU-2017:2199-1
- E-Mail link for SUSE-SU-2017:2199-1
- SUSE Security Ratings
- SUSE Bug 1042812
- SUSE Bug 1042826
- SUSE Bug 1043289
- SUSE Bug 1049072
- SUSE CVE CVE-2017-11403 page
- SUSE CVE CVE-2017-9439 page
- SUSE CVE CVE-2017-9440 page
- SUSE CVE CVE-2017-9501 page
Описание
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ImageMagick-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagick++-6_Q16-3-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-71.5.3
Ссылки
- CVE-2017-11403
- SUSE Bug 1049072
- SUSE Bug 1053809
- SUSE Bug 1053919
- SUSE Bug 1054600
- SUSE Bug 1057000
- SUSE Bug 1084062
Описание
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ImageMagick-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagick++-6_Q16-3-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-71.5.3
Ссылки
- CVE-2017-9439
- SUSE Bug 1042826
- SUSE Bug 1053919
Описание
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ImageMagick-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagick++-6_Q16-3-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-71.5.3
Ссылки
- CVE-2017-9440
- SUSE Bug 1042812
- SUSE Bug 1053919
Описание
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ImageMagick-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagick++-6_Q16-3-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-71.5.3
Ссылки
- CVE-2017-9501
- SUSE Bug 1043289
- SUSE Bug 1053919