openSUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:3233-1
Rating:             important
References:         #1009318 #1013376 #1014159 
Cross-References:   CVE-2016-8707 CVE-2016-8862 CVE-2016-8866
                    CVE-2016-9556 CVE-2016-9773
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:


   This security update for ImageMagick fixes the following issues:

   - a maliciously crafted compressed TIFF image could cause code remote code
     execution in the convert utility in particular circumstances
     (CVE-2016-8707, boo#1014159)
   - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318,
     follow up on CVE-2016-8862)
   - the identify utility could crash on maliciously crafted images
     (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-1512=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      ImageMagick-6.8.9.8-45.1
      ImageMagick-debuginfo-6.8.9.8-45.1
      ImageMagick-debugsource-6.8.9.8-45.1
      ImageMagick-devel-6.8.9.8-45.1
      ImageMagick-extra-6.8.9.8-45.1
      ImageMagick-extra-debuginfo-6.8.9.8-45.1
      libMagick++-6_Q16-5-6.8.9.8-45.1
      libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1
      libMagick++-devel-6.8.9.8-45.1
      libMagickCore-6_Q16-2-6.8.9.8-45.1
      libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1
      libMagickWand-6_Q16-2-6.8.9.8-45.1
      libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1
      perl-PerlMagick-6.8.9.8-45.1
      perl-PerlMagick-debuginfo-6.8.9.8-45.1

   - openSUSE 13.2 (x86_64):

      ImageMagick-devel-32bit-6.8.9.8-45.1
      libMagick++-6_Q16-5-32bit-6.8.9.8-45.1
      libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1
      libMagick++-devel-32bit-6.8.9.8-45.1
      libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1
      libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1
      libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1
      libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1

   - openSUSE 13.2 (noarch):

      ImageMagick-doc-6.8.9.8-45.1


References:

   https://www.suse.com/security/cve/CVE-2016-8707.html
   https://www.suse.com/security/cve/CVE-2016-8862.html
   https://www.suse.com/security/cve/CVE-2016-8866.html
   https://www.suse.com/security/cve/CVE-2016-9556.html
   https://www.suse.com/security/cve/CVE-2016-9773.html
   https://bugzilla.suse.com/1009318
   https://bugzilla.suse.com/1013376
   https://bugzilla.suse.com/1014159

openSUSE: 2016:3233-1: important: ImageMagick

December 22, 2016
An update that fixes 5 vulnerabilities is now available

Description

This security update for ImageMagick fixes the following issues: - a maliciously crafted compressed TIFF image could cause code remote code execution in the convert utility in particular circumstances (CVE-2016-8707, boo#1014159) - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318, follow up on CVE-2016-8862) - the identify utility could crash on maliciously crafted images (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-1512=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.2 (i586 x86_64): ImageMagick-6.8.9.8-45.1 ImageMagick-debuginfo-6.8.9.8-45.1 ImageMagick-debugsource-6.8.9.8-45.1 ImageMagick-devel-6.8.9.8-45.1 ImageMagick-extra-6.8.9.8-45.1 ImageMagick-extra-debuginfo-6.8.9.8-45.1 libMagick++-6_Q16-5-6.8.9.8-45.1 libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1 libMagick++-devel-6.8.9.8-45.1 libMagickCore-6_Q16-2-6.8.9.8-45.1 libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1 libMagickWand-6_Q16-2-6.8.9.8-45.1 libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1 perl-PerlMagick-6.8.9.8-45.1 perl-PerlMagick-debuginfo-6.8.9.8-45.1 - openSUSE 13.2 (x86_64): ImageMagick-devel-32bit-6.8.9.8-45.1 libMagick++-6_Q16-5-32bit-6.8.9.8-45.1 libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1 libMagick++-devel-32bit-6.8.9.8-45.1 libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1 libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1 libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1 libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1 - openSUSE 13.2 (noarch): ImageMagick-doc-6.8.9.8-45.1


References

https://www.suse.com/security/cve/CVE-2016-8707.html https://www.suse.com/security/cve/CVE-2016-8862.html https://www.suse.com/security/cve/CVE-2016-8866.html https://www.suse.com/security/cve/CVE-2016-9556.html https://www.suse.com/security/cve/CVE-2016-9773.html https://bugzilla.suse.com/1009318 https://bugzilla.suse.com/1013376 https://bugzilla.suse.com/1014159


Severity
Announcement ID: openSUSE-SU-2016:3233-1
Rating: important
Affected Products: openSUSE 13.2 .

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved