SUSE-SU-2021:1277-1

Опубликовано: 20 апр. 2021

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624)
CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626)
CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627)
CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628)

Список пакетов

SUSE Linux Enterprise Server 12 SP5

ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

ImageMagick-config-6-upstream-6.8.8.1-71.165.1

libMagickCore-6_Q16-1-6.8.8.1-71.165.1

libMagickWand-6_Q16-1-6.8.8.1-71.165.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

ImageMagick-config-6-upstream-6.8.8.1-71.165.1

libMagickCore-6_Q16-1-6.8.8.1-71.165.1

libMagickWand-6_Q16-1-6.8.8.1-71.165.1

SUSE Linux Enterprise Software Development Kit 12 SP5

ImageMagick-6.8.8.1-71.165.1

ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

ImageMagick-config-6-upstream-6.8.8.1-71.165.1

ImageMagick-devel-6.8.8.1-71.165.1

libMagick++-6_Q16-3-6.8.8.1-71.165.1

libMagick++-devel-6.8.8.1-71.165.1

perl-PerlMagick-6.8.8.1-71.165.1

SUSE Linux Enterprise Workstation Extension 12 SP5

ImageMagick-6.8.8.1-71.165.1

libMagick++-6_Q16-3-6.8.8.1-71.165.1

libMagickCore-6_Q16-1-32bit-6.8.8.1-71.165.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20211277-1/
Link for SUSE-SU-2021:1277-1
https://lists.suse.com/pipermail/sle-updates/2021-April/018645.html
E-Mail link for SUSE-SU-2021:1277-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1184624
SUSE Bug 1184624
https://bugzilla.suse.com/1184626
SUSE Bug 1184626
https://bugzilla.suse.com/1184627
SUSE Bug 1184627
https://bugzilla.suse.com/1184628
SUSE Bug 1184628
https://www.suse.com/security/cve/CVE-2021-20309/
SUSE CVE CVE-2021-20309 page
https://www.suse.com/security/cve/CVE-2021-20311/
SUSE CVE CVE-2021-20311 page
https://www.suse.com/security/cve/CVE-2021-20312/
SUSE CVE CVE-2021-20312 page
https://www.suse.com/security/cve/CVE-2021-20313/
SUSE CVE CVE-2021-20313 page

Описание

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.165.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-20309.html
CVE-2021-20309
https://bugzilla.suse.com/1184624
SUSE Bug 1184624

Описание

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.165.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-20311.html
CVE-2021-20311
https://bugzilla.suse.com/1184626
SUSE Bug 1184626

Описание

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.165.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-20312.html
CVE-2021-20312
https://bugzilla.suse.com/1184627
SUSE Bug 1184627

Описание

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.165.1

SUSE Linux Enterprise Server 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.165.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-20313.html
CVE-2021-20313
https://bugzilla.suse.com/1184628
SUSE Bug 1184628

SUSE-SU-2021:1277-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

Ссылки

Уязвимость: CVE-2021-20309

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-20311

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-20312

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-20313

Описание

Затронутые продукты

Ссылки