Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:0606-1

Опубликовано: 23 апр. 2021
Источник: suse-cvrf

Описание

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624)
  • CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626)
  • CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627)
  • CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2
ImageMagick-7.0.7.34-lp152.12.15.1
ImageMagick-config-7-SUSE-7.0.7.34-lp152.12.15.1
ImageMagick-config-7-upstream-7.0.7.34-lp152.12.15.1
ImageMagick-devel-7.0.7.34-lp152.12.15.1
ImageMagick-devel-32bit-7.0.7.34-lp152.12.15.1
ImageMagick-doc-7.0.7.34-lp152.12.15.1
ImageMagick-extra-7.0.7.34-lp152.12.15.1
libMagick++-7_Q16HDRI4-7.0.7.34-lp152.12.15.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp152.12.15.1
libMagick++-devel-7.0.7.34-lp152.12.15.1
libMagick++-devel-32bit-7.0.7.34-lp152.12.15.1
libMagickCore-7_Q16HDRI6-7.0.7.34-lp152.12.15.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp152.12.15.1
libMagickWand-7_Q16HDRI6-7.0.7.34-lp152.12.15.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp152.12.15.1
perl-PerlMagick-7.0.7.34-lp152.12.15.1

Ссылки

Описание

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Затронутые продукты
openSUSE Leap 15.2:ImageMagick-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-SUSE-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-upstream-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-devel-32bit-7.0.7.34-lp152.12.15.1
Ссылки

Описание

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Затронутые продукты
openSUSE Leap 15.2:ImageMagick-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-SUSE-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-upstream-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-devel-32bit-7.0.7.34-lp152.12.15.1
Ссылки

Описание

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Затронутые продукты
openSUSE Leap 15.2:ImageMagick-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-SUSE-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-upstream-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-devel-32bit-7.0.7.34-lp152.12.15.1
Ссылки

Описание

A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

Затронутые продукты
openSUSE Leap 15.2:ImageMagick-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-SUSE-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-config-7-upstream-7.0.7.34-lp152.12.15.1
openSUSE Leap 15.2:ImageMagick-devel-32bit-7.0.7.34-lp152.12.15.1
Ссылки