openSUSE: 2019:1983-1: moderate: ImageMagick

    Date21 Aug 2019
    CategoryopenSUSE
    327
    Posted ByLinuxSecurity Advisories
    An update that fixes 30 vulnerabilities is now available.
       openSUSE Security Update: Security update for ImageMagick
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1983-1
    Rating:             moderate
    References:         #1139884 #1139885 #1139886 #1140100 #1140102 
                        #1140103 #1140104 #1140105 #1140106 #1140110 
                        #1140111 #1140501 #1140513 #1140520 #1140534 
                        #1140538 #1140543 #1140545 #1140547 #1140549 
                        #1140552 #1140554 #1140664 #1140665 #1140666 
                        #1140667 #1140668 #1140669 #1140673 #1141171 
                        
    Cross-References:   CVE-2019-12974 CVE-2019-12975 CVE-2019-12976
                        CVE-2019-12977 CVE-2019-12978 CVE-2019-12979
                        CVE-2019-13133 CVE-2019-13134 CVE-2019-13135
                        CVE-2019-13136 CVE-2019-13137 CVE-2019-13295
                        CVE-2019-13296 CVE-2019-13297 CVE-2019-13298
                        CVE-2019-13299 CVE-2019-13300 CVE-2019-13301
                        CVE-2019-13302 CVE-2019-13303 CVE-2019-13304
                        CVE-2019-13305 CVE-2019-13306 CVE-2019-13307
                        CVE-2019-13308 CVE-2019-13309 CVE-2019-13310
                        CVE-2019-13311 CVE-2019-13391 CVE-2019-13454
                       
    Affected Products:
                        openSUSE Leap 15.1
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
       An update that fixes 30 vulnerabilities is now available.
    
    Description:
    
       This update for ImageMagick fixes the following issues:
    
       - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory()
         (bsc#1140554).
       - CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to
         mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520).
       - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an
         error in MagickWand/mogrify.c (bsc#1140501).
       - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a
         wand/mogrify.c error (bsc#1140513).
       - CVE-2019-13303: Fixed a heap-based buffer over-read in
         MagickCore/composite.c in CompositeImage (bsc#1140549).
       - CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an
         error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665).
       - CVE-2019-13299: Fixed a heap-based buffer over-read at
         MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668).
       - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in
         MagickCore/layer.c (bsc#1141171).
       - CVE-2019-13295: Fixed a heap-based buffer over-read at
         MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664).
       - CVE-2019-13297: Fixed a heap-based buffer over-read at
         MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666).
       - CVE-2019-12979: Fixed the use of uninitialized values in
         SyncImageSettings() (bsc#1139886).
       - CVE-2019-13391: Fixed a heap-based buffer over-read in
         MagickCore/fourier.c (bsc#1140673).
       - CVE-2019-13308: Fixed a heap-based buffer overflow in
         MagickCore/fourier.c (bsc#1140534).
       - CVE-2019-13302: Fixed a heap-based buffer over-read in
         MagickCore/fourier.c in ComplexImages (bsc#1140552).
       - CVE-2019-13298: Fixed a heap-based buffer overflow at
         MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667).
       - CVE-2019-13300: Fixed a heap-based buffer overflow at
         MagickCore/statistic.c in EvaluateImages (bsc#1140669).
       - CVE-2019-13307: Fixed a heap-based buffer overflow at
         MagickCore/statistic.c (bsc#1140538).
       - CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag()
         (bsc#1139884).
       - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in
         coders/dpx.c (bsc#1140106).
       - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage()
         (bsc#1140103).
       - CVE-2019-12978: Fixed the use of uninitialized values in
         ReadPANGOImage() (bsc#1139885).
       - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage()
         (bsc#1140111).
       - CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in
         WritePNMImage (bsc#1140547).
       - CVE-2019-13305: Fixed one more stack-based buffer overflow at
         coders/pnm.c in WritePNMImage (bsc#1140545).
       - CVE-2019-13306: Fixed an additional stack-based buffer overflow at
         coders/pnm.c in WritePNMImage (bsc#1140543).
       - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).
       - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).
       - CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105).
       - CVE-2019-13136: Fixed a integer overflow vulnerability in the
         TIFFSeekCustomStream() (bsc#1140104).
       - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in
         coders/pcl.c(bsc#1140110).
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2019-1983=1
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-1983=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          ImageMagick-7.0.7.34-lp151.7.9.1
          ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.9.1
          ImageMagick-config-7-upstream-7.0.7.34-lp151.7.9.1
          ImageMagick-debuginfo-7.0.7.34-lp151.7.9.1
          ImageMagick-debugsource-7.0.7.34-lp151.7.9.1
          ImageMagick-devel-7.0.7.34-lp151.7.9.1
          ImageMagick-extra-7.0.7.34-lp151.7.9.1
          ImageMagick-extra-debuginfo-7.0.7.34-lp151.7.9.1
          libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.9.1
          libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp151.7.9.1
          libMagick++-devel-7.0.7.34-lp151.7.9.1
          libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.9.1
          libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.9.1
          libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.9.1
          libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.9.1
          perl-PerlMagick-7.0.7.34-lp151.7.9.1
          perl-PerlMagick-debuginfo-7.0.7.34-lp151.7.9.1
    
       - openSUSE Leap 15.1 (x86_64):
    
          ImageMagick-devel-32bit-7.0.7.34-lp151.7.9.1
          libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.9.1
          libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp151.7.9.1
          libMagick++-devel-32bit-7.0.7.34-lp151.7.9.1
          libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.9.1
          libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.9.1
          libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.9.1
          libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.9.1
    
       - openSUSE Leap 15.1 (noarch):
    
          ImageMagick-doc-7.0.7.34-lp151.7.9.1
    
       - openSUSE Leap 15.0 (i586 x86_64):
    
          ImageMagick-7.0.7.34-lp150.2.38.1
          ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.38.1
          ImageMagick-config-7-upstream-7.0.7.34-lp150.2.38.1
          ImageMagick-debuginfo-7.0.7.34-lp150.2.38.1
          ImageMagick-debugsource-7.0.7.34-lp150.2.38.1
          ImageMagick-devel-7.0.7.34-lp150.2.38.1
          ImageMagick-extra-7.0.7.34-lp150.2.38.1
          ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.38.1
          libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.38.1
          libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.38.1
          libMagick++-devel-7.0.7.34-lp150.2.38.1
          libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.38.1
          libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.38.1
          libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.38.1
          libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.38.1
          perl-PerlMagick-7.0.7.34-lp150.2.38.1
          perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.38.1
    
       - openSUSE Leap 15.0 (x86_64):
    
          ImageMagick-devel-32bit-7.0.7.34-lp150.2.38.1
          libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.38.1
          libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp150.2.38.1
          libMagick++-devel-32bit-7.0.7.34-lp150.2.38.1
          libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.38.1
          libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.38.1
          libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.38.1
          libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.38.1
    
       - openSUSE Leap 15.0 (noarch):
    
          ImageMagick-doc-7.0.7.34-lp150.2.38.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-12974.html
       https://www.suse.com/security/cve/CVE-2019-12975.html
       https://www.suse.com/security/cve/CVE-2019-12976.html
       https://www.suse.com/security/cve/CVE-2019-12977.html
       https://www.suse.com/security/cve/CVE-2019-12978.html
       https://www.suse.com/security/cve/CVE-2019-12979.html
       https://www.suse.com/security/cve/CVE-2019-13133.html
       https://www.suse.com/security/cve/CVE-2019-13134.html
       https://www.suse.com/security/cve/CVE-2019-13135.html
       https://www.suse.com/security/cve/CVE-2019-13136.html
       https://www.suse.com/security/cve/CVE-2019-13137.html
       https://www.suse.com/security/cve/CVE-2019-13295.html
       https://www.suse.com/security/cve/CVE-2019-13296.html
       https://www.suse.com/security/cve/CVE-2019-13297.html
       https://www.suse.com/security/cve/CVE-2019-13298.html
       https://www.suse.com/security/cve/CVE-2019-13299.html
       https://www.suse.com/security/cve/CVE-2019-13300.html
       https://www.suse.com/security/cve/CVE-2019-13301.html
       https://www.suse.com/security/cve/CVE-2019-13302.html
       https://www.suse.com/security/cve/CVE-2019-13303.html
       https://www.suse.com/security/cve/CVE-2019-13304.html
       https://www.suse.com/security/cve/CVE-2019-13305.html
       https://www.suse.com/security/cve/CVE-2019-13306.html
       https://www.suse.com/security/cve/CVE-2019-13307.html
       https://www.suse.com/security/cve/CVE-2019-13308.html
       https://www.suse.com/security/cve/CVE-2019-13309.html
       https://www.suse.com/security/cve/CVE-2019-13310.html
       https://www.suse.com/security/cve/CVE-2019-13311.html
       https://www.suse.com/security/cve/CVE-2019-13391.html
       https://www.suse.com/security/cve/CVE-2019-13454.html
       https://bugzilla.suse.com/1139884
       https://bugzilla.suse.com/1139885
       https://bugzilla.suse.com/1139886
       https://bugzilla.suse.com/1140100
       https://bugzilla.suse.com/1140102
       https://bugzilla.suse.com/1140103
       https://bugzilla.suse.com/1140104
       https://bugzilla.suse.com/1140105
       https://bugzilla.suse.com/1140106
       https://bugzilla.suse.com/1140110
       https://bugzilla.suse.com/1140111
       https://bugzilla.suse.com/1140501
       https://bugzilla.suse.com/1140513
       https://bugzilla.suse.com/1140520
       https://bugzilla.suse.com/1140534
       https://bugzilla.suse.com/1140538
       https://bugzilla.suse.com/1140543
       https://bugzilla.suse.com/1140545
       https://bugzilla.suse.com/1140547
       https://bugzilla.suse.com/1140549
       https://bugzilla.suse.com/1140552
       https://bugzilla.suse.com/1140554
       https://bugzilla.suse.com/1140664
       https://bugzilla.suse.com/1140665
       https://bugzilla.suse.com/1140666
       https://bugzilla.suse.com/1140667
       https://bugzilla.suse.com/1140668
       https://bugzilla.suse.com/1140669
       https://bugzilla.suse.com/1140673
       https://bugzilla.suse.com/1141171
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":54.17,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16.67,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":29.17,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.