Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1033-1

Опубликовано: 25 апр. 2019
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).

  • CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).

  • CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).

  • CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381).

  • CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).

  • CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).

  • CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).

  • CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989).

  • CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996).

  • CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609).

  • CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).

  • CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).

  • CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).

  • Added extra -config- packages with Postscript/EPS/PDF readers still enabled.

    Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033)

    These are two packages that can be selected:

    • ImageMagick-config-6-SUSE: This has the PS decoders disabled.
    • ImageMagick-config-6-upstream: This has the PS decoders enabled.

    Depending on your local needs install either one of them. The default is the -SUSE configuration.

Список пакетов

SUSE Enterprise Storage 4
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Desktop 12 SP3
ImageMagick-6.8.8.1-71.108.1
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagick++-6_Q16-3-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Desktop 12 SP4
ImageMagick-6.8.8.1-71.108.1
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagick++-6_Q16-3-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12 SP1-LTSS
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12 SP2-BCL
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12 SP2-LTSS
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12 SP3
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12 SP4
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-LTSS
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1
SUSE Linux Enterprise Software Development Kit 12 SP3
ImageMagick-6.8.8.1-71.108.1
ImageMagick-devel-6.8.8.1-71.108.1
libMagick++-6_Q16-3-6.8.8.1-71.108.1
libMagick++-devel-6.8.8.1-71.108.1
perl-PerlMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Software Development Kit 12 SP4
ImageMagick-6.8.8.1-71.108.1
ImageMagick-devel-6.8.8.1-71.108.1
libMagick++-6_Q16-3-6.8.8.1-71.108.1
libMagick++-devel-6.8.8.1-71.108.1
perl-PerlMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Workstation Extension 12 SP3
ImageMagick-6.8.8.1-71.108.1
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagick++-6_Q16-3-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
SUSE Linux Enterprise Workstation Extension 12 SP4
ImageMagick-6.8.8.1-71.108.1
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagick++-6_Q16-3-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
SUSE OpenStack Cloud 7
ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
ImageMagick-config-6-upstream-6.8.8.1-71.108.1
libMagickCore-6_Q16-1-6.8.8.1-71.108.1
libMagickWand-6_Q16-1-6.8.8.1-71.108.1

Ссылки

Описание

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки

Описание

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

Затронутые продукты
SUSE Enterprise Storage 4:ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:ImageMagick-config-6-upstream-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickCore-6_Q16-1-6.8.8.1-71.108.1
SUSE Enterprise Storage 4:libMagickWand-6_Q16-1-6.8.8.1-71.108.1
Ссылки
Уязвимость SUSE-SU-2019:1033-1