
SUSE-SU-2019:1019-1

Published: 24 Apr 2019
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).

  • CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).

  • CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).

  • CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).

  • Added extra -config- packages with Postscript/EPS/PDF readers still enabled.

    Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033)

    These are two packages that can be selected:

    • ImageMagick-config-7-SUSE: This has the PS decoders disabled.
    • ImageMagick-config-7-upstream: This has the PS decoders enabled.

    Depending on your local needs, install either one of them. The default is the -SUSE configuration.

Package list

SUSE Linux Enterprise Module for Desktop Applications 15
ImageMagick-7.0.7.34-3.54.3
ImageMagick-config-7-SUSE-7.0.7.34-3.54.3
ImageMagick-config-7-upstream-7.0.7.34-3.54.3
ImageMagick-devel-7.0.7.34-3.54.3
libMagick++-7_Q16HDRI4-7.0.7.34-3.54.3
libMagick++-devel-7.0.7.34-3.54.3
libMagickCore-7_Q16HDRI6-7.0.7.34-3.54.3
libMagickWand-7_Q16HDRI6-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Development Tools 15
perl-PerlMagick-7.0.7.34-3.54.3

Description

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-SUSE-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-upstream-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.54.3


Description

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-SUSE-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-upstream-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.54.3


Description

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-SUSE-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-upstream-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.54.3


Description

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-SUSE-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-config-7-upstream-7.0.7.34-3.54.3
SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.54.3
