Описание
Security update for ImageMagick
This update for ImageMagick fixes several issues.
These security issues were fixed:
- CVE-2017-11534: Processing a crafted file in convert could have lead to a Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135).
- CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validation, which allowed attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file (bsc#1055219).
- CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk (bsc#1055430).
- CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c (bsc#1061873).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libMagickCore1-6.4.3.6-7.78.8.1
libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libMagickCore1-6.4.3.6-7.78.8.1
libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Software Development Kit 11 SP4
ImageMagick-6.4.3.6-7.78.8.1
ImageMagick-devel-6.4.3.6-7.78.8.1
libMagick++-devel-6.4.3.6-7.78.8.1
libMagick++1-6.4.3.6-7.78.8.1
libMagickWand1-6.4.3.6-7.78.8.1
libMagickWand1-32bit-6.4.3.6-7.78.8.1
perl-PerlMagick-6.4.3.6-7.78.8.1
Ссылки
- Link for SUSE-SU-2017:3168-1
- E-Mail link for SUSE-SU-2017:3168-1
- SUSE Security Ratings
- SUSE Bug 1050135
- SUSE Bug 1055219
- SUSE Bug 1055430
- SUSE Bug 1061873
- SUSE CVE CVE-2017-11534 page
- SUSE CVE CVE-2017-13133 page
- SUSE CVE CVE-2017-13139 page
- SUSE CVE CVE-2017-15033 page
Описание
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
Ссылки
- CVE-2017-11534
- SUSE Bug 1050135
Описание
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
Ссылки
- CVE-2017-13133
- SUSE Bug 1055219
Описание
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
Ссылки
- CVE-2017-13139
- SUSE Bug 1055430
Описание
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-7.78.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-7.78.8.1
Ссылки
- CVE-2017-15033
- SUSE Bug 1061873