Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237)
- CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204)
- CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277)
- CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812)
- CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545)
- CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546)
- CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003)
- CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007)
- CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005)
- CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libMagickCore1-6.4.3.6-78.56.1
libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libMagickCore1-6.4.3.6-78.56.1
libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Software Development Kit 11 SP4
ImageMagick-6.4.3.6-78.56.1
ImageMagick-devel-6.4.3.6-78.56.1
libMagick++-devel-6.4.3.6-78.56.1
libMagick++1-6.4.3.6-78.56.1
libMagickWand1-6.4.3.6-78.56.1
libMagickWand1-32bit-6.4.3.6-78.56.1
perl-PerlMagick-6.4.3.6-78.56.1
Ссылки
- Link for SUSE-SU-2018:2465-1
- E-Mail link for SUSE-SU-2018:2465-1
- SUSE Security Ratings
- SUSE Bug 1056277
- SUSE Bug 1094204
- SUSE Bug 1094237
- SUSE Bug 1095812
- SUSE Bug 1098545
- SUSE Bug 1098546
- SUSE Bug 1102003
- SUSE Bug 1102004
- SUSE Bug 1102005
- SUSE Bug 1102007
- SUSE CVE CVE-2017-13758 page
- SUSE CVE CVE-2017-18271 page
- SUSE CVE CVE-2018-10805 page
- SUSE CVE CVE-2018-11251 page
- SUSE CVE CVE-2018-12599 page
- SUSE CVE CVE-2018-12600 page
- SUSE CVE CVE-2018-14434 page
Описание
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2017-13758
- SUSE Bug 1056277
- SUSE Bug 1096261
Описание
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2017-18271
- SUSE Bug 1094204
Описание
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-10805
- SUSE Bug 1095812
Описание
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-11251
- SUSE Bug 1094237
Описание
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-12599
- SUSE Bug 1098546
- SUSE Bug 1117463
Описание
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-12600
- SUSE Bug 1098545
- SUSE Bug 1098546
- SUSE Bug 1117463
Описание
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-14434
- SUSE Bug 1102003
Описание
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-14435
- SUSE Bug 1102007
Описание
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-14436
- SUSE Bug 1102005
Описание
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.56.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.56.1
Ссылки
- CVE-2018-14437
- SUSE Bug 1102004