openSUSE-SU-2019:1331-1

Published: 04 May 2019
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).

  • CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).

  • CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).

  • CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).

  • Added extra -config- packages with Postscript/EPS/PDF readers still enabled.

    Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033)

    These are two packages that can be selected:

    • ImageMagick-config-7-SUSE: This has the PS decoders disabled.
    • ImageMagick-config-7-upstream: This has the PS decoders enabled.

    Depending on your local needs install either one of them. The default is the -SUSE configuration.

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
ImageMagick-7.0.7.34-lp150.2.29.1
ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1
ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1
ImageMagick-devel-7.0.7.34-lp150.2.29.1
ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1
ImageMagick-doc-7.0.7.34-lp150.2.29.1
ImageMagick-extra-7.0.7.34-lp150.2.29.1
libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.29.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.29.1
libMagick++-devel-7.0.7.34-lp150.2.29.1
libMagick++-devel-32bit-7.0.7.34-lp150.2.29.1
libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.29.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.29.1
libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.29.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.29.1
perl-PerlMagick-7.0.7.34-lp150.2.29.1

Description

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.


Affected products
openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1

Description

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.


Affected products
openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1

Description

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.


Affected products
openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1

Description

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.


Affected products
openSUSE Leap 15.0:ImageMagick-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1
openSUSE Leap 15.0:ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1
