Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

openSUSE: 2018-0025-1 important: ImageMagick Denial Of Service

opensuse
Calendar Grey January 5, 2018
Dist Opensuse Esm H88
A crucial software patch for ImageMagick tackles eight significant vulnerabilities to enhance security for openSUSE platforms.
An update that fixes 9 vulnerabilities is now available

Description

This update for ImageMagick fixes the following issues:

- security update (xcf.c):

* CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead

to denial of service via a crafted file. CVE-2017-12691: The

ReadOneLayer function in coders/xcf.c allows remote attackers to cause

a denial of service (memory consumption) via a crafted file.

[bsc#1058422]

- security update (pnm.c):

* CVE-2017-14042: A memory allocation failure was discovered in the

ReadPNMImage function in coders/pnm.c and could lead to remote denial

of service [bsc#1056550]

- security update (psd.c):

* CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial

of service (application crash) or possibly have unspecified other

impact via a crafted file [bsc#1063049]

* CVE-2017-13061: A length-validation vulnerability was found in the

function ReadPSDLayersInternal in coders/psd.c, which allows attackers ...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-7=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2018-7=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 x86_64):

ImageMagick-6.8.8.1-43.1

ImageMagick-debuginfo-6.8.8.1-43.1

ImageMagick-debugsource-6.8.8.1-43.1

ImageMagick-devel-6.8.8.1-43.1

ImageMagick-extra-6.8.8.1-43.1

ImageMagick-extra-debuginfo-6.8.8.1-43.1

libMagick++-6_Q16-3-6.8.8.1-43.1

libMagick++-6_Q16-3-debuginfo-6.8.8.1-43.1

libMagick++-devel-6.8.8.1-43.1

libMagickCore-6_Q16-1-6.8.8.1-43.1

libMagickCore-6_Q16-1-debuginfo-6.8.8.1-43.1

libMagickWand-6_Q16-1-6.8.8.1-43.1

libMagickWand-6_Q16-1-debuginfo-6.8.8.1-43.1

perl-PerlMagick-6.8.8.1-43.1

perl-PerlMagick-debuginfo-6.8.8.1-43.1

- openSUSE Leap 42.3 (noarch):

ImageMagick-doc-6.8.8.1-43.1

- openSUSE Leap 42.3 (x86_64):

ImageMagick-devel-32bit-6.8.8.1-43.1

libMagick++-6_Q16-3-32bit-6.8.8.1-43.1

libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-43.1

libMagick++-devel-32bit-6.8.8.1-43.1

libMagickCore-6_Q16-1-32bit-6.8.8.1-43.1

libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-43.1

libMagickWand-6_Q16-1-32bit-6.8.8.1-43.1

libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-43.1

- openSUSE Leap...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-12563.html

https://www.suse.com/security/cve/CVE-2017-12691.html

https://www.suse.com/security/cve/CVE-2017-13061.html

https://www.suse.com/security/cve/CVE-2017-14042.html

https://www.suse.com/security/cve/CVE-2017-14174.html

https://www.suse.com/security/cve/CVE-2017-14343.html

https://www.suse.com/security/cve/CVE-2017-15277.html

https://www.suse.com/security/cve/CVE-2017-15281.html

https://bugzilla.suse.com/1052460

https://bugzilla.suse.com/1055053

https://bugzilla.suse.com/1055063

https://bugzilla.suse.com/1056550

https://bugzilla.suse.com/1057723

https://bugzilla.suse.com/1058422

https://bugzilla.suse.com/1063049

https://bugzilla.suse.com/1063050

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:0025-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.