Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

openSUSE 13.2: 2016:3233-1 Important: ImageMagick Remote Execution

opensuse
Calendar Grey December 22, 2016
Dist Opensuse Esm H88
This patch addresses significant security flaws in OpenSSL, tackling potential remote access threats and enhancing protection for Ubuntu.
An update that fixes 5 vulnerabilities is now available

Description

This security update for ImageMagick fixes the following issues:

- a maliciously crafted compressed TIFF image could cause code remote code

execution in the convert utility in particular circumstances

(CVE-2016-8707, boo#1014159)

- a memory allocation failure was fixed (CVE-2016-8866, boo#1009318,

follow up on CVE-2016-8862)

- the identify utility could crash on maliciously crafted images

(CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)

Topics%20covered

Topics Covered

security advisory security issue update software patch remote execution image processing openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1512=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

ImageMagick-6.8.9.8-45.1

ImageMagick-debuginfo-6.8.9.8-45.1

ImageMagick-debugsource-6.8.9.8-45.1

ImageMagick-devel-6.8.9.8-45.1

ImageMagick-extra-6.8.9.8-45.1

ImageMagick-extra-debuginfo-6.8.9.8-45.1

libMagick++-6_Q16-5-6.8.9.8-45.1

libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1

libMagick++-devel-6.8.9.8-45.1

libMagickCore-6_Q16-2-6.8.9.8-45.1

libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1

libMagickWand-6_Q16-2-6.8.9.8-45.1

libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1

perl-PerlMagick-6.8.9.8-45.1

perl-PerlMagick-debuginfo-6.8.9.8-45.1

- openSUSE 13.2 (x86_64):

ImageMagick-devel-32bit-6.8.9.8-45.1

libMagick++-6_Q16-5-32bit-6.8.9.8-45.1

libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1

libMagick++-devel-32bit-6.8.9.8-45.1

libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1

libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1

libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1

libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1

- openSUSE 13.2 (noarch):

ImageMagick-doc-6.8.9.8-45.1

References

https://www.suse.com/security/cve/CVE-2016-8707.html

https://www.suse.com/security/cve/CVE-2016-8862.html

https://www.suse.com/security/cve/CVE-2016-8866.html

https://www.suse.com/security/cve/CVE-2016-9556.html

https://www.suse.com/security/cve/CVE-2016-9773.html

https://bugzilla.suse.com/show_bug.cgi?id=1009318

https://bugzilla.suse.com/show_bug.cgi?id=1013376

https://bugzilla.suse.com/show_bug.cgi?id=1014159

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:3233-1
Rating: important
Affected Products: openSUSE 13.2 .

Topics%20covered

Topics Covered

security advisory security issue update software patch remote execution image processing openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here