Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:1734-1

Опубликовано: 03 апр. 2023
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141)

Список пакетов

SUSE Linux Enterprise Server 12 SP5
ImageMagick-config-6-SUSE-6.8.8.1-71.186.1
ImageMagick-config-6-upstream-6.8.8.1-71.186.1
libMagickCore-6_Q16-1-6.8.8.1-71.186.1
libMagickWand-6_Q16-1-6.8.8.1-71.186.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ImageMagick-config-6-SUSE-6.8.8.1-71.186.1
ImageMagick-config-6-upstream-6.8.8.1-71.186.1
libMagickCore-6_Q16-1-6.8.8.1-71.186.1
libMagickWand-6_Q16-1-6.8.8.1-71.186.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ImageMagick-6.8.8.1-71.186.1
ImageMagick-config-6-SUSE-6.8.8.1-71.186.1
ImageMagick-config-6-upstream-6.8.8.1-71.186.1
ImageMagick-devel-6.8.8.1-71.186.1
libMagick++-6_Q16-3-6.8.8.1-71.186.1
libMagick++-devel-6.8.8.1-71.186.1
perl-PerlMagick-6.8.8.1-71.186.1
SUSE Linux Enterprise Workstation Extension 12 SP5
ImageMagick-6.8.8.1-71.186.1
libMagick++-6_Q16-3-6.8.8.1-71.186.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.186.1

Ссылки

Описание

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-SUSE-6.8.8.1-71.186.1
SUSE Linux Enterprise Server 12 SP5:ImageMagick-config-6-upstream-6.8.8.1-71.186.1
SUSE Linux Enterprise Server 12 SP5:libMagickCore-6_Q16-1-6.8.8.1-71.186.1
SUSE Linux Enterprise Server 12 SP5:libMagickWand-6_Q16-1-6.8.8.1-71.186.1
Ссылки