openSUSE-SU-2019:1141-1

Опубликовано: 04 апр. 2019

Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649).
CVE-2018-18544: Fixed a memory leak in the function WriteMSLImage (bsc#1113064).
CVE-2018-20467: Fixed an infinite loop in coders/bmp.c (bsc#1120381).
CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
CVE-2019-7396: Fixed a memory leak in the function ReadSIXELImage (bsc#1124367).
CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).
CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
CVE-2018-16412: Prevent heap-based buffer over-read in the ParseImageResourceBlocks function leading to DOS (bsc#1106996).

Non-security issue fixed:

Fixed a regression in regards to the 'edge' comand line flag (bsc#1106415)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

ImageMagick-7.0.7.34-lp150.2.26.1

ImageMagick-devel-7.0.7.34-lp150.2.26.1

ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

ImageMagick-doc-7.0.7.34-lp150.2.26.1

ImageMagick-extra-7.0.7.34-lp150.2.26.1

libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.26.1

libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.26.1

libMagick++-devel-7.0.7.34-lp150.2.26.1

libMagick++-devel-32bit-7.0.7.34-lp150.2.26.1

libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.26.1

libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1

libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.26.1

libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.26.1

perl-PerlMagick-7.0.7.34-lp150.2.26.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA/#LKV3XYLWNGPVANCMRIU3RYCDYWNHSAZA
E-Mail link for openSUSE-SU-2019:1141-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1106415
SUSE Bug 1106415
https://bugzilla.suse.com/1106996
SUSE Bug 1106996
https://bugzilla.suse.com/1113064
SUSE Bug 1113064
https://bugzilla.suse.com/1120381
SUSE Bug 1120381
https://bugzilla.suse.com/1124365
SUSE Bug 1124365
https://bugzilla.suse.com/1124366
SUSE Bug 1124366
https://bugzilla.suse.com/1124367
SUSE Bug 1124367
https://bugzilla.suse.com/1124368
SUSE Bug 1124368
https://bugzilla.suse.com/1128649
SUSE Bug 1128649
https://www.suse.com/security/cve/CVE-2018-16412/
SUSE CVE CVE-2018-16412 page
https://www.suse.com/security/cve/CVE-2018-18544/
SUSE CVE CVE-2018-18544 page
https://www.suse.com/security/cve/CVE-2018-20467/
SUSE CVE CVE-2018-20467 page
https://www.suse.com/security/cve/CVE-2019-7175/
SUSE CVE CVE-2019-7175 page
https://www.suse.com/security/cve/CVE-2019-7395/
SUSE CVE CVE-2019-7395 page
https://www.suse.com/security/cve/CVE-2019-7396/
SUSE CVE CVE-2019-7396 page
https://www.suse.com/security/cve/CVE-2019-7397/
SUSE CVE CVE-2019-7397 page
https://www.suse.com/security/cve/CVE-2019-7398/
SUSE CVE CVE-2019-7398 page

Описание

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16412.html
CVE-2018-16412
https://bugzilla.suse.com/1106989
SUSE Bug 1106989
https://bugzilla.suse.com/1106996
SUSE Bug 1106996

Описание

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18544.html
CVE-2018-18544
https://bugzilla.suse.com/1113064
SUSE Bug 1113064

Описание

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-20467.html
CVE-2018-20467
https://bugzilla.suse.com/1120381
SUSE Bug 1120381

Описание

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-7175.html
CVE-2019-7175
https://bugzilla.suse.com/1128649
SUSE Bug 1128649

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-7395.html
CVE-2019-7395
https://bugzilla.suse.com/1124368
SUSE Bug 1124368

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-7396.html
CVE-2019-7396
https://bugzilla.suse.com/1124367
SUSE Bug 1124367

Описание

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-7397.html
CVE-2019-7397
https://bugzilla.suse.com/1124366
SUSE Bug 1124366

Описание

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

Затронутые продукты

openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-devel-7.0.7.34-lp150.2.26.1

openSUSE Leap 15.0:ImageMagick-doc-7.0.7.34-lp150.2.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-7398.html
CVE-2019-7398
https://bugzilla.suse.com/1124365
SUSE Bug 1124365

openSUSE-SU-2019:1141-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-16412

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-18544

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-20467

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-7175

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-7395

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-7396

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-7397

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-7398

Описание

Затронутые продукты

Ссылки