SUSE-SU-2023:2344-1

Опубликовано: 01 июн. 2023

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791).
CVE-2023-34153: Fixed a command injection issue when encoding or decoding VIDEO files (bsc#1211792).

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

ImageMagick-7.1.0.9-150400.6.21.1

ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1

ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1

ImageMagick-devel-7.1.0.9-150400.6.21.1

libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1

libMagick++-devel-7.1.0.9-150400.6.21.1

libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1

libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

ImageMagick-7.1.0.9-150400.6.21.1

ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1

ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1

ImageMagick-devel-7.1.0.9-150400.6.21.1

libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1

libMagick++-devel-7.1.0.9-150400.6.21.1

libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1

libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Development Tools 15 SP4

perl-PerlMagick-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

perl-PerlMagick-7.1.0.9-150400.6.21.1

openSUSE Leap 15.4

ImageMagick-7.1.0.9-150400.6.21.1

ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1

ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1

ImageMagick-devel-7.1.0.9-150400.6.21.1

ImageMagick-devel-32bit-7.1.0.9-150400.6.21.1

ImageMagick-doc-7.1.0.9-150400.6.21.1

ImageMagick-extra-7.1.0.9-150400.6.21.1

libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1

libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.21.1

libMagick++-devel-7.1.0.9-150400.6.21.1

libMagick++-devel-32bit-7.1.0.9-150400.6.21.1

libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1

libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1

libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1

libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1

perl-PerlMagick-7.1.0.9-150400.6.21.1

openSUSE Leap 15.5

ImageMagick-7.1.0.9-150400.6.21.1

ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1

ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1

ImageMagick-devel-7.1.0.9-150400.6.21.1

ImageMagick-devel-32bit-7.1.0.9-150400.6.21.1

ImageMagick-doc-7.1.0.9-150400.6.21.1

ImageMagick-extra-7.1.0.9-150400.6.21.1

libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1

libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.21.1

libMagick++-devel-7.1.0.9-150400.6.21.1

libMagick++-devel-32bit-7.1.0.9-150400.6.21.1

libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1

libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1

libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1

libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1

perl-PerlMagick-7.1.0.9-150400.6.21.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232344-1/
Link for SUSE-SU-2023:2344-1
https://lists.suse.com/pipermail/sle-security-updates/2023-June/015033.html
E-Mail link for SUSE-SU-2023:2344-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1211791
SUSE Bug 1211791
https://bugzilla.suse.com/1211792
SUSE Bug 1211792
https://www.suse.com/security/cve/CVE-2023-34151/
SUSE CVE CVE-2023-34151 page
https://www.suse.com/security/cve/CVE-2023-34153/
SUSE CVE CVE-2023-34153 page

Описание

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-devel-7.1.0.9-150400.6.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-34151.html
CVE-2023-34151
https://bugzilla.suse.com/1211791
SUSE Bug 1211791

Описание

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4:ImageMagick-devel-7.1.0.9-150400.6.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-34153.html
CVE-2023-34153
https://bugzilla.suse.com/1211792
SUSE Bug 1211792

SUSE-SU-2023:2344-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

SUSE Linux Enterprise Module for Development Tools 15 SP4

SUSE Linux Enterprise Module for Development Tools 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-34151

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-34153

Описание

Затронутые продукты

Ссылки