Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069)
- CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072).
- CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747).
- CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746).
- CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545)
- CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
ImageMagick-6.8.8.1-71.82.1
libMagick++-6_Q16-3-6.8.8.1-71.82.1
libMagickCore-6_Q16-1-6.8.8.1-71.82.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
libMagickWand-6_Q16-1-6.8.8.1-71.82.1
SUSE Linux Enterprise Server 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.82.1
libMagickWand-6_Q16-1-6.8.8.1-71.82.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.82.1
libMagickWand-6_Q16-1-6.8.8.1-71.82.1
SUSE Linux Enterprise Software Development Kit 12 SP3
ImageMagick-6.8.8.1-71.82.1
ImageMagick-devel-6.8.8.1-71.82.1
libMagick++-6_Q16-3-6.8.8.1-71.82.1
libMagick++-devel-6.8.8.1-71.82.1
perl-PerlMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Workstation Extension 12 SP3
ImageMagick-6.8.8.1-71.82.1
libMagick++-6_Q16-3-6.8.8.1-71.82.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
Ссылки
- Link for SUSE-SU-2018:3191-1
- E-Mail link for SUSE-SU-2018:3191-1
- SUSE Security Ratings
- SUSE Bug 1098545
- SUSE Bug 1098546
- SUSE Bug 1110746
- SUSE Bug 1110747
- SUSE Bug 1111069
- SUSE Bug 1111072
- SUSE CVE CVE-2017-13058 page
- SUSE CVE CVE-2018-12599 page
- SUSE CVE CVE-2018-12600 page
- SUSE CVE CVE-2018-17965 page
- SUSE CVE CVE-2018-17966 page
- SUSE CVE CVE-2018-18016 page
- SUSE CVE CVE-2018-18024 page
Описание
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2017-13058
- SUSE Bug 1055069
- SUSE Bug 1111072
- SUSE Bug 1117463
Описание
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2018-12599
- SUSE Bug 1098546
- SUSE Bug 1117463
Описание
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2018-12600
- SUSE Bug 1098545
- SUSE Bug 1098546
- SUSE Bug 1117463
Описание
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2018-17965
- SUSE Bug 1110747
- SUSE Bug 1117463
Описание
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2018-17966
- SUSE Bug 1110746
- SUSE Bug 1117463
Описание
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2018-18016
- SUSE Bug 1111072
- SUSE Bug 1117463
Описание
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.82.1
Ссылки
- CVE-2018-18024
- SUSE Bug 1111069
- SUSE Bug 1117463