openSUSE Leap 42.3: 2018-3203-1 Moderate: ImageMagick DoS Threats

October 17, 2018
Security notice regarding openSUSE's ImageMagick patches targeting several severe vulnerabilities and concerns over memory leak incidents.
An update that solves 9 vulnerabilities and has one errata is now available.

Description

This update for ImageMagick fixes the following security issues:

- CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129)

- CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283)

- CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282)

- CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616)

- CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619)

- CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did not check the return value of the fputc function, which allowed remote...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2018-1181=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

ImageMagick-6.8.8.1-70.2

ImageMagick-debuginfo-6.8.8.1-70.2

ImageMagick-debugsource-6.8.8.1-70.2

ImageMagick-devel-6.8.8.1-70.2

ImageMagick-extra-6.8.8.1-70.2

ImageMagick-extra-debuginfo-6.8.8.1-70.2

libMagick++-6_Q16-3-6.8.8.1-70.2

libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.2

libMagick++-devel-6.8.8.1-70.2

libMagickCore-6_Q16-1-6.8.8.1-70.2

libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.2

libMagickWand-6_Q16-1-6.8.8.1-70.2

libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.2

perl-PerlMagick-6.8.8.1-70.2

perl-PerlMagick-debuginfo-6.8.8.1-70.2

- openSUSE Leap 42.3 (x86_64):

ImageMagick-devel-32bit-6.8.8.1-70.2

libMagick++-6_Q16-3-32bit-6.8.8.1-70.2

libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-70.2

libMagick++-devel-32bit-6.8.8.1-70.2

libMagickCore-6_Q16-1-32bit-6.8.8.1-70.2

libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.2

libMagickWand-6_Q16-1-32bit-6.8.8.1-70.2

libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-70.2

- openSUSE Leap 42.3 (noarch):

ImageMagick-doc-6.8.8.1-70.2
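
To confirm the update actually landed on a host, the following added example (not part of the original advisory) flags packages from the list above that are still below the fixed build 6.8.8.1-70.2. The function names and the sample inventory are constructed for illustration, and the comparison assumes purely numeric version and release fields.

```shell
#!/bin/sh
# Added example: flag ImageMagick packages older than this advisory's fixed build.
FIXED="6.8.8.1-70.2"   # version-release taken from the advisory's package list

# evr_lt A B: succeed if A is strictly older than B.
# Assumption: fields separated by '.' or '-' are plain integers, which holds for
# the builds in this advisory. It is not a full RPM version comparison.
evr_lt() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# find_unpatched: read "NAME VERSION-RELEASE" lines on stdin and print the
# packages covered by this update whose build is older than $FIXED.
find_unpatched() {
    while read -r name evr; do
        case "$name" in
            ImageMagick|ImageMagick-*|libMagick++-*|libMagickCore-*|\
            libMagickWand-*|perl-PerlMagick|perl-PerlMagick-*)
                if evr_lt "$evr" "$FIXED"; then
                    printf '%s %s\n' "$name" "$evr"
                fi ;;
        esac
    done
}

# Constructed sample inventory (not real host data). Release 9.3 is older than
# 70.2 numerically, although a plain string comparison would order it the other way.
sample_inventory() {
    cat <<'EOF'
ImageMagick 6.8.8.1-67.1
libMagickCore-6_Q16-1 6.8.8.1-70.2
libMagickWand-6_Q16-1 6.8.8.1-9.3
perl-PerlMagick 6.8.8.1-70.2
bash 4.3-83.5.2
EOF
}

# On a real host, feed it the installed package set instead:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched
```

Empty output means every installed package from this update is at or above the fixed build.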

References

https://www.suse.com/security/cve/CVE-2017-11532.html

https://www.suse.com/security/cve/CVE-2018-16413.html

https://www.suse.com/security/cve/CVE-2018-16640.html

https://www.suse.com/security/cve/CVE-2018-16642.html

https://www.suse.com/security/cve/CVE-2018-16643.html

https://www.suse.com/security/cve/CVE-2018-16644.html

https://www.suse.com/security/cve/CVE-2018-16645.html

https://www.suse.com/security/cve/CVE-2018-16749.html

https://www.suse.com/security/cve/CVE-2018-16750.html

https://bugzilla.suse.com/1050129

https://bugzilla.suse.com/1105592

https://bugzilla.suse.com/1106989

https://bugzilla.suse.com/1107604

https://bugzilla.suse.com/1107609

https://bugzilla.suse.com/1107612

https://bugzilla.suse.com/1107616

https://bugzilla.suse.com/1107619

https://bugzilla.suse.com/1108282

https://bugzilla.suse.com/1108283

--

Announcement ID: openSUSE-SU-2018:3203-1
Rating: moderate
Affected Products: openSUSE Leap 42.3 le.
