openSUSE-SU-2018:3225-1

Опубликовано: 18 окт. 2018

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069)
CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072).
CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747).
CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746).
CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545)
CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

ImageMagick-6.8.8.1-73.1

ImageMagick-devel-6.8.8.1-73.1

ImageMagick-devel-32bit-6.8.8.1-73.1

ImageMagick-doc-6.8.8.1-73.1

ImageMagick-extra-6.8.8.1-73.1

libMagick++-6_Q16-3-6.8.8.1-73.1

libMagick++-6_Q16-3-32bit-6.8.8.1-73.1

libMagick++-devel-6.8.8.1-73.1

libMagick++-devel-32bit-6.8.8.1-73.1

libMagickCore-6_Q16-1-6.8.8.1-73.1

libMagickCore-6_Q16-1-32bit-6.8.8.1-73.1

libMagickWand-6_Q16-1-6.8.8.1-73.1

libMagickWand-6_Q16-1-32bit-6.8.8.1-73.1

perl-PerlMagick-6.8.8.1-73.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00040.html
E-Mail link for openSUSE-SU-2018:3225-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-13058.html
CVE-2017-13058
https://bugzilla.suse.com/1055069
SUSE Bug 1055069
https://bugzilla.suse.com/1111072
SUSE Bug 1111072
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12599.html
CVE-2018-12599
https://bugzilla.suse.com/1098546
SUSE Bug 1098546
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12600.html
CVE-2018-12600
https://bugzilla.suse.com/1098545
SUSE Bug 1098545
https://bugzilla.suse.com/1098546
SUSE Bug 1098546
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-17965.html
CVE-2018-17965
https://bugzilla.suse.com/1110747
SUSE Bug 1110747
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-17966.html
CVE-2018-17966
https://bugzilla.suse.com/1110746
SUSE Bug 1110746
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18016.html
CVE-2018-18016
https://bugzilla.suse.com/1111072
SUSE Bug 1111072
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

Описание

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Затронутые продукты

openSUSE Leap 42.3:ImageMagick-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-73.1

openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-73.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18024.html
CVE-2018-18024
https://bugzilla.suse.com/1111069
SUSE Bug 1111069
https://bugzilla.suse.com/1117463
SUSE Bug 1117463

openSUSE-SU-2018:3225-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-13058

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-12599

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-12600

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-17965

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-17966

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-18016

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-18024

Описание

Затронутые продукты

Ссылки