SUSE-SU-2018:3808-1

Опубликовано: 19 нояб. 2018

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399)
CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609)
CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129)
CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635)

Список пакетов

SUSE Linux Enterprise Server 11 SP4

libMagickCore1-6.4.3.6-78.79.1

libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

libMagickCore1-6.4.3.6-78.79.1

libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Software Development Kit 11 SP4

ImageMagick-6.4.3.6-78.79.1

ImageMagick-devel-6.4.3.6-78.79.1

libMagick++-devel-6.4.3.6-78.79.1

libMagick++1-6.4.3.6-78.79.1

libMagickWand1-6.4.3.6-78.79.1

libMagickWand1-32bit-6.4.3.6-78.79.1

perl-PerlMagick-6.4.3.6-78.79.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183808-1/
Link for SUSE-SU-2018:3808-1
https://lists.suse.com/pipermail/sle-security-updates/2018-November/004863.html
E-Mail link for SUSE-SU-2018:3808-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1050129
SUSE Bug 1050129
https://bugzilla.suse.com/1050635
SUSE Bug 1050635
https://bugzilla.suse.com/1107609
SUSE Bug 1107609
https://bugzilla.suse.com/1112399
SUSE Bug 1112399
https://www.suse.com/security/cve/CVE-2017-11532/
SUSE CVE CVE-2017-11532 page
https://www.suse.com/security/cve/CVE-2017-11639/
SUSE CVE CVE-2017-11639 page
https://www.suse.com/security/cve/CVE-2017-14997/
SUSE CVE CVE-2017-14997 page
https://www.suse.com/security/cve/CVE-2018-16644/
SUSE CVE CVE-2018-16644 page

Описание

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.79.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-11532.html
CVE-2017-11532
https://bugzilla.suse.com/1050129
SUSE Bug 1050129
https://bugzilla.suse.com/1050623
SUSE Bug 1050623

Описание

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.79.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-11639.html
CVE-2017-11639
https://bugzilla.suse.com/1050635
SUSE Bug 1050635

Описание

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.79.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-14997.html
CVE-2017-14997
https://bugzilla.suse.com/1112399
SUSE Bug 1112399
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server 11 SP4:libMagickCore1-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-32bit-6.4.3.6-78.79.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libMagickCore1-6.4.3.6-78.79.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16644.html
CVE-2018-16644
https://bugzilla.suse.com/1107609
SUSE Bug 1107609
https://bugzilla.suse.com/1107612
SUSE Bug 1107612
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

SUSE-SU-2018:3808-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2017-11532

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-11639

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-14997

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16644

Описание

Затронутые продукты

Ссылки