Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
The following security vulnerabilities were fixed:
- CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858)
- CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855)
- CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage (bsc#1102003)
- CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007)
- CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005)
- CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004)
- Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
ImageMagick-6.8.8.1-71.74.1
libMagick++-6_Q16-3-6.8.8.1-71.74.1
libMagickCore-6_Q16-1-6.8.8.1-71.74.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
libMagickWand-6_Q16-1-6.8.8.1-71.74.1
SUSE Linux Enterprise Server 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.74.1
libMagickWand-6_Q16-1-6.8.8.1-71.74.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.74.1
libMagickWand-6_Q16-1-6.8.8.1-71.74.1
SUSE Linux Enterprise Software Development Kit 12 SP3
ImageMagick-6.8.8.1-71.74.1
ImageMagick-devel-6.8.8.1-71.74.1
libMagick++-6_Q16-3-6.8.8.1-71.74.1
libMagick++-devel-6.8.8.1-71.74.1
perl-PerlMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Workstation Extension 12 SP3
ImageMagick-6.8.8.1-71.74.1
libMagick++-6_Q16-3-6.8.8.1-71.74.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
Ссылки
- Link for SUSE-SU-2018:2778-1
- E-Mail link for SUSE-SU-2018:2778-1
- SUSE Security Ratings
- SUSE Bug 1102003
- SUSE Bug 1102004
- SUSE Bug 1102005
- SUSE Bug 1102007
- SUSE Bug 1105592
- SUSE Bug 1106855
- SUSE Bug 1106858
- SUSE CVE CVE-2018-14434 page
- SUSE CVE CVE-2018-14435 page
- SUSE CVE CVE-2018-14436 page
- SUSE CVE CVE-2018-14437 page
- SUSE CVE CVE-2018-16323 page
- SUSE CVE CVE-2018-16329 page
Описание
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.74.1
Ссылки
- CVE-2018-14434
- SUSE Bug 1102003
Описание
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.74.1
Ссылки
- CVE-2018-14435
- SUSE Bug 1102007
Описание
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.74.1
Ссылки
- CVE-2018-14436
- SUSE Bug 1102005
Описание
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.74.1
Ссылки
- CVE-2018-14437
- SUSE Bug 1102004
Описание
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.74.1
Ссылки
- CVE-2018-16323
- SUSE Bug 1106855
Описание
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.74.1
Ссылки
- CVE-2018-16329
- SUSE Bug 1106858