SUSE-SU-2023:1756-1

Опубликовано: 04 апр. 2023

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141)

Список пакетов

SUSE Linux Enterprise Real Time 15 SP3

ImageMagick-7.0.7.34-150200.10.45.1

ImageMagick-config-7-SUSE-7.0.7.34-150200.10.45.1

ImageMagick-config-7-upstream-7.0.7.34-150200.10.45.1

ImageMagick-devel-7.0.7.34-150200.10.45.1

libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.45.1

libMagick++-devel-7.0.7.34-150200.10.45.1

libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.45.1

libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.45.1

perl-PerlMagick-7.0.7.34-150200.10.45.1

openSUSE Leap 15.4

libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.45.1

libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.45.1

libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.45.1

libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.45.1

libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.45.1

libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.45.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20231756-1/
Link for SUSE-SU-2023:1756-1
https://lists.suse.com/pipermail/sle-updates/2023-April/028618.html
E-Mail link for SUSE-SU-2023:1756-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209141
SUSE Bug 1209141
https://www.suse.com/security/cve/CVE-2023-1289/
SUSE CVE CVE-2023-1289 page

Описание

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Затронутые продукты

SUSE Linux Enterprise Real Time 15 SP3:ImageMagick-7.0.7.34-150200.10.45.1

SUSE Linux Enterprise Real Time 15 SP3:ImageMagick-config-7-SUSE-7.0.7.34-150200.10.45.1

SUSE Linux Enterprise Real Time 15 SP3:ImageMagick-config-7-upstream-7.0.7.34-150200.10.45.1

SUSE Linux Enterprise Real Time 15 SP3:ImageMagick-devel-7.0.7.34-150200.10.45.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-1289.html
CVE-2023-1289
https://bugzilla.suse.com/1209141
SUSE Bug 1209141

SUSE-SU-2023:1756-1

Описание

Список пакетов

SUSE Linux Enterprise Real Time 15 SP3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-1289

Описание

Затронутые продукты

Ссылки