Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

openSUSE Leap 15.0: 2019:1331-1 Moderate: ImageMagick Buffer Overflows

opensuse
Calendar Grey May 4, 2019
Dist Opensuse Esm H88
The recent update of ImageMagick for openSUSE resolves several security vulnerabilities, enhancing the resilience of your system against potential threats.
An update that solves four vulnerabilities and has one errata is now available.

Description

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel()

(bsc#1130330).

- CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage()

(bsc#1131317).

- CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage()

(bsc#1132060).

- CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage()

(bsc#1132054).

- Added extra -config- packages with Postscript/EPS/PDF readers still

enabled.

Removing the PS decoders is used to harden ImageMagick against security

issues within ghostscript. Enabling them might impact security.

(bsc#1122033)

These are two packages that can be selected:

- ImageMagick-config-7-SUSE: This has the PS decoders disabled.

- ImageMagick-config-7-upstream: This has the PS decoders enabled.

Depending on your local needs install either one of them. The default is

the...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1331=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

ImageMagick-7.0.7.34-lp150.2.29.1

ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.29.1

ImageMagick-config-7-upstream-7.0.7.34-lp150.2.29.1

ImageMagick-debuginfo-7.0.7.34-lp150.2.29.1

ImageMagick-debugsource-7.0.7.34-lp150.2.29.1

ImageMagick-devel-7.0.7.34-lp150.2.29.1

ImageMagick-extra-7.0.7.34-lp150.2.29.1

ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.29.1

libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.29.1

libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.29.1

libMagick++-devel-7.0.7.34-lp150.2.29.1

libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.29.1

libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.29.1

libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.29.1

libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.29.1

perl-PerlMagick-7.0.7.34-lp150.2.29.1

perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.29.1

- openSUSE Leap 15.0 (noarch):

ImageMagick-doc-7.0.7.34-lp150.2.29.1

- openSUSE Leap 15.0 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp150.2.29.1

libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.29.1

li...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2019-10650.html

https://www.suse.com/security/cve/CVE-2019-11007.html

https://www.suse.com/security/cve/CVE-2019-11008.html

https://www.suse.com/security/cve/CVE-2019-9956.html

https://bugzilla.suse.com/1122033

https://bugzilla.suse.com/1130330

https://bugzilla.suse.com/1131317

https://bugzilla.suse.com/1132054

https://bugzilla.suse.com/1132060

--

Announcement ID: openSUSE-SU-2019:1331-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.