Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
ImageMagick-7.1.0.9-150400.6.15.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.15.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.15.1
ImageMagick-devel-7.1.0.9-150400.6.15.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.15.1
libMagick++-devel-7.1.0.9-150400.6.15.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.15.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.15.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
perl-PerlMagick-7.1.0.9-150400.6.15.1
openSUSE Leap 15.4
ImageMagick-7.1.0.9-150400.6.15.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.15.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.15.1
ImageMagick-devel-7.1.0.9-150400.6.15.1
ImageMagick-devel-32bit-7.1.0.9-150400.6.15.1
ImageMagick-doc-7.1.0.9-150400.6.15.1
ImageMagick-extra-7.1.0.9-150400.6.15.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.15.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.15.1
libMagick++-devel-7.1.0.9-150400.6.15.1
libMagick++-devel-32bit-7.1.0.9-150400.6.15.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.15.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.15.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.15.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.15.1
perl-PerlMagick-7.1.0.9-150400.6.15.1
Ссылки
- Link for SUSE-SU-2023:1733-1
- E-Mail link for SUSE-SU-2023:1733-1
- SUSE Security Ratings
- SUSE Bug 1209141
- SUSE CVE CVE-2023-1289 page
Описание
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-7.1.0.9-150400.6.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-SUSE-7.1.0.9-150400.6.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-upstream-7.1.0.9-150400.6.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-devel-7.1.0.9-150400.6.15.1
Ссылки
- CVE-2023-1289
- SUSE Bug 1209141