Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. [bsc#1112399]
- CVE-2018-16644: An regression in the security fix for the pict coder was fixed (bsc#1107609)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
ImageMagick-6.8.8.1-71.85.1
libMagick++-6_Q16-3-6.8.8.1-71.85.1
libMagickCore-6_Q16-1-6.8.8.1-71.85.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1
libMagickWand-6_Q16-1-6.8.8.1-71.85.1
SUSE Linux Enterprise Server 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.85.1
libMagickWand-6_Q16-1-6.8.8.1-71.85.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libMagickCore-6_Q16-1-6.8.8.1-71.85.1
libMagickWand-6_Q16-1-6.8.8.1-71.85.1
SUSE Linux Enterprise Software Development Kit 12 SP3
ImageMagick-6.8.8.1-71.85.1
ImageMagick-devel-6.8.8.1-71.85.1
libMagick++-6_Q16-3-6.8.8.1-71.85.1
libMagick++-devel-6.8.8.1-71.85.1
perl-PerlMagick-6.8.8.1-71.85.1
SUSE Linux Enterprise Workstation Extension 12 SP3
ImageMagick-6.8.8.1-71.85.1
libMagick++-6_Q16-3-6.8.8.1-71.85.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1
Ссылки
- Link for SUSE-SU-2018:3465-1
- E-Mail link for SUSE-SU-2018:3465-1
- SUSE Security Ratings
- SUSE Bug 1107609
- SUSE Bug 1112399
- SUSE CVE CVE-2017-14997 page
- SUSE CVE CVE-2018-16644 page
Описание
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.85.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.85.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.85.1
Ссылки
- CVE-2017-14997
- SUSE Bug 1112399
- SUSE Bug 1117463
Описание
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:ImageMagick-6.8.8.1-71.85.1
SUSE Linux Enterprise Desktop 12 SP3:libMagick++-6_Q16-3-6.8.8.1-71.85.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85.1
SUSE Linux Enterprise Desktop 12 SP3:libMagickCore-6_Q16-1-6.8.8.1-71.85.1
Ссылки
- CVE-2018-16644
- SUSE Bug 1107609
- SUSE Bug 1107612
- SUSE Bug 1117463