Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:2896-1

Опубликовано: 05 нояб. 2019
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage (bsc#1146213).
  • CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser (bsc#1146212).
  • CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function (bsc#1146211).
  • CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage (bsc#1146068).
  • CVE-2019-14981: Fixed a use after free in the UnmapBlob function (bsc#1146065).
  • CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781).
  • CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782).
  • CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783).
  • CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784).
  • CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785).
  • CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786).

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15
ImageMagick-7.0.7.34-3.72.1
ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
ImageMagick-config-7-upstream-7.0.7.34-3.72.1
ImageMagick-devel-7.0.7.34-3.72.1
libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
libMagick++-devel-7.0.7.34-3.72.1
libMagickCore-7_Q16HDRI6-7.0.7.34-3.72.1
libMagickWand-7_Q16HDRI6-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
ImageMagick-7.0.7.34-3.72.1
ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
ImageMagick-devel-7.0.7.34-3.72.1
libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
libMagick++-devel-7.0.7.34-3.72.1
libMagickCore-7_Q16HDRI6-7.0.7.34-3.72.1
libMagickWand-7_Q16HDRI6-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Development Tools 15
perl-PerlMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Development Tools 15 SP1
perl-PerlMagick-7.0.7.34-3.72.1

Ссылки

Описание

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки

Описание

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-config-7-SUSE-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:ImageMagick-devel-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libMagick++-7_Q16HDRI4-7.0.7.34-3.72.1
Ссылки