Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

openSUSE Leap 42.3: 2017:2271-1 Important: ImageMagick Memory Leak

opensuse
Calendar Grey August 28, 2017
Dist Opensuse Esm H88
Addressing four critical concerns in ImageMagick for openSUSE is essential, focusing on enhancing system security and maintaining overall stability.
An update that fixes four vulnerabilities is now available

Description

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2017-9439: A memory leak was found in the function ReadPDBImage

incoders/pdb.c (bsc#1042826)

- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin

coders/psd.c (bsc#1042812)

- CVE-2017-9501: An assertion failure could cause a denial of service via

a crafted file (bsc#1043289)

- CVE-2017-11403: ReadMNGImage function in coders/png.c has an

out-of-order CloseBlob call, resulting in a use-after-free via acrafted

file (bsc#1049072)

This update was imported from the SUSE:SLE-12:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-971=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-971=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 x86_64):

ImageMagick-6.8.8.1-34.1

ImageMagick-debuginfo-6.8.8.1-34.1

ImageMagick-debugsource-6.8.8.1-34.1

ImageMagick-devel-6.8.8.1-34.1

ImageMagick-extra-6.8.8.1-34.1

ImageMagick-extra-debuginfo-6.8.8.1-34.1

libMagick++-6_Q16-3-6.8.8.1-34.1

libMagick++-6_Q16-3-debuginfo-6.8.8.1-34.1

libMagick++-devel-6.8.8.1-34.1

libMagickCore-6_Q16-1-6.8.8.1-34.1

libMagickCore-6_Q16-1-debuginfo-6.8.8.1-34.1

libMagickWand-6_Q16-1-6.8.8.1-34.1

libMagickWand-6_Q16-1-debuginfo-6.8.8.1-34.1

perl-PerlMagick-6.8.8.1-34.1

perl-PerlMagick-debuginfo-6.8.8.1-34.1

- openSUSE Leap 42.3 (x86_64):

ImageMagick-devel-32bit-6.8.8.1-34.1

libMagick++-6_Q16-3-32bit-6.8.8.1-34.1

libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-34.1

libMagick++-devel-32bit-6.8.8.1-34.1

libMagickCore-6_Q16-1-32bit-6.8.8.1-34.1

libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-34.1

libMagickWand-6_Q16-1-32bit-6.8.8.1-34.1

libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-34.1

- openSUSE Leap 42.3 (noarch):

ImageMagick-doc-6.8.8.1-34.1

- openSUSE Leap...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-11403.html

https://www.suse.com/security/cve/CVE-2017-9439.html

https://www.suse.com/security/cve/CVE-2017-9440.html

https://www.suse.com/security/cve/CVE-2017-9501.html

https://bugzilla.suse.com/1042812

https://bugzilla.suse.com/1042826

https://bugzilla.suse.com/1043289

https://bugzilla.suse.com/1049072

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:2271-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.