Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

openSUSE Leap 15.0: 2018:2503-1 Moderate: ImageMagick Memory Leak

opensuse
Calendar Grey August 25, 2018
Scroller Opensuse
A new version has been released for GIMP, resolving various security vulnerabilities and enhancing overall performance, promoting stability.
An update that solves four vulnerabilities and has one errata is now available.

Description

This update for ImageMagick fixes the following issues:

Security issues fixed:

* CVE-2018-14434: A memory leak for a colormap in WriteMPCImage

incoders/mpc.c was fixed. (bsc#1102003)

* CVE-2018-14435: A memory leak in DecodeImage in coders/pcd.c was fixed.

(bsc#1102007)

* CVE-2018-14436: A memory leak in ReadMIFFImage in coders/miff.c was

fixed. (bsc#1102005)

* CVE-2018-14437: A memory leak in parse8BIM in coders/meta.c was fixed.

(bsc#1102004)

Bug fix:

- bsc#1094741: Fix unexpected result with `convert -compose`.

This update was imported from the SUSE:SLE-15:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-925=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

ImageMagick-7.0.7.34-lp150.2.9.1

ImageMagick-debuginfo-7.0.7.34-lp150.2.9.1

ImageMagick-debugsource-7.0.7.34-lp150.2.9.1

ImageMagick-devel-7.0.7.34-lp150.2.9.1

ImageMagick-extra-7.0.7.34-lp150.2.9.1

ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.9.1

libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.9.1

libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.9.1

libMagick++-devel-7.0.7.34-lp150.2.9.1

libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.9.1

libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.9.1

libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.9.1

libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.9.1

perl-PerlMagick-7.0.7.34-lp150.2.9.1

perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.9.1

- openSUSE Leap 15.0 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp150.2.9.1

libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.9.1

libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp150.2.9.1

libMagick++-devel-32bit-7.0.7.34-lp150.2.9.1

libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.9.1

libMagickCore-7_Q16HDRI6-32bit...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-14434.html

https://www.suse.com/security/cve/CVE-2018-14435.html

https://www.suse.com/security/cve/CVE-2018-14436.html

https://www.suse.com/security/cve/CVE-2018-14437.html

https://bugzilla.suse.com/1094741

https://bugzilla.suse.com/1102003

https://bugzilla.suse.com/1102004

https://bugzilla.suse.com/1102005

https://bugzilla.suse.com/1102007

--

Announcement ID: openSUSE-SU-2018:2503-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.