Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).
- Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15
ImageMagick-7.0.7.34-3.64.2
ImageMagick-config-7-SUSE-7.0.7.34-3.64.2
ImageMagick-config-7-upstream-7.0.7.34-3.64.2
ImageMagick-devel-7.0.7.34-3.64.2
libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2
libMagick++-devel-7.0.7.34-3.64.2
libMagickCore-7_Q16HDRI6-7.0.7.34-3.64.2
libMagickWand-7_Q16HDRI6-7.0.7.34-3.64.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
ImageMagick-7.0.7.34-3.64.2
ImageMagick-config-7-SUSE-7.0.7.34-3.64.2
ImageMagick-devel-7.0.7.34-3.64.2
libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2
libMagick++-devel-7.0.7.34-3.64.2
libMagickCore-7_Q16HDRI6-7.0.7.34-3.64.2
libMagickWand-7_Q16HDRI6-7.0.7.34-3.64.2
SUSE Linux Enterprise Module for Development Tools 15
perl-PerlMagick-7.0.7.34-3.64.2
SUSE Linux Enterprise Module for Development Tools 15 SP1
perl-PerlMagick-7.0.7.34-3.64.2
Ссылки
- Link for SUSE-SU-2019:1773-1
- E-Mail link for SUSE-SU-2019:1773-1
- SUSE Security Ratings
- SUSE Bug 1138425
- SUSE Bug 1138464
- SUSE CVE CVE-2019-11597 page
Описание
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.64.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.64.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.64.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2
Ссылки
- CVE-2019-11597
- SUSE Bug 1138464
- SUSE Bug 1146211