openSUSE-SU-2018:2811-1

Опубликовано: 24 сент. 2018

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

The following security vulnerabilities were fixed:

CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858)
CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855)
CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage (bsc#1102003)
CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007)
CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005)
CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004)
Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

ImageMagick-6.8.8.1-67.1

ImageMagick-devel-6.8.8.1-67.1

ImageMagick-devel-32bit-6.8.8.1-67.1

ImageMagick-doc-6.8.8.1-67.1

ImageMagick-extra-6.8.8.1-67.1

libMagick++-6_Q16-3-6.8.8.1-67.1

libMagick++-6_Q16-3-32bit-6.8.8.1-67.1

libMagick++-devel-6.8.8.1-67.1

libMagick++-devel-32bit-6.8.8.1-67.1

libMagickCore-6_Q16-1-6.8.8.1-67.1

libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1

libMagickWand-6_Q16-1-6.8.8.1-67.1

libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1

perl-PerlMagick-6.8.8.1-67.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html
E-Mail link for openSUSE-SU-2018:2811-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14434.html
CVE-2018-14434
https://bugzilla.suse.com/1102003
SUSE Bug 1102003

Описание

ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14435.html
CVE-2018-14435
https://bugzilla.suse.com/1102007
SUSE Bug 1102007

Описание

ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14436.html
CVE-2018-14436
https://bugzilla.suse.com/1102005
SUSE Bug 1102005

Описание

ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14437.html
CVE-2018-14437
https://bugzilla.suse.com/1102004
SUSE Bug 1102004

Описание

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16323.html
CVE-2018-16323
https://bugzilla.suse.com/1106855
SUSE Bug 1106855

Описание

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16329.html
CVE-2018-16329
https://bugzilla.suse.com/1106858
SUSE Bug 1106858

openSUSE-SU-2018:2811-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-14434

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-14435

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-14436

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-14437

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16323

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16329

Описание

Затронутые продукты

Ссылки