Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

openSUSE Leap 15.1: 2019:2515-1 Moderate: ImageMagick DoS and Memory Issues

opensuse
Calendar Grey November 15, 2019
Dist Opensuse Esm H88
openSUSE Security Update: Security update for ImageMagick __________________________________________
An update that fixes 11 vulnerabilities is now available.

Description

This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage

(bsc#1146213).

- CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser

(bsc#1146212).

- CVE-2019-15141: Fixed a divide-by-zero vulnerability in the

MeanShiftImage function (bsc#1146211).

- CVE-2019-14980: Fixed an application crash resulting from a heap-based

buffer over-read in WriteTIFFImage (bsc#1146068).

- CVE-2019-14981: Fixed a use after free in the UnmapBlob function

(bsc#1146065).

- CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781).

- CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782).

- CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783).

- CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in

coders/ps2.c (bsc#1151784).

- CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in

...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2515=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

ImageMagick-7.0.7.34-lp151.7.12.1

ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.12.1

ImageMagick-config-7-upstream-7.0.7.34-lp151.7.12.1

ImageMagick-debuginfo-7.0.7.34-lp151.7.12.1

ImageMagick-debugsource-7.0.7.34-lp151.7.12.1

ImageMagick-devel-7.0.7.34-lp151.7.12.1

ImageMagick-extra-7.0.7.34-lp151.7.12.1

ImageMagick-extra-debuginfo-7.0.7.34-lp151.7.12.1

libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.12.1

libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp151.7.12.1

libMagick++-devel-7.0.7.34-lp151.7.12.1

libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.12.1

libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.12.1

libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.12.1

libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.12.1

perl-PerlMagick-7.0.7.34-lp151.7.12.1

perl-PerlMagick-debuginfo-7.0.7.34-lp151.7.12.1

- openSUSE Leap 15.1 (noarch):

ImageMagick-doc-7.0.7.34-lp151.7.12.1

- openSUSE Leap 15.1 (x86_64):

ImageMagick-devel-32bit-7.0.7.34-lp151.7.12.1

libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.12.1

li...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2019-14980.html

https://www.suse.com/security/cve/CVE-2019-14981.html

https://www.suse.com/security/cve/CVE-2019-15139.html

https://www.suse.com/security/cve/CVE-2019-15140.html

https://www.suse.com/security/cve/CVE-2019-15141.html

https://www.suse.com/security/cve/CVE-2019-16708.html

https://www.suse.com/security/cve/CVE-2019-16709.html

https://www.suse.com/security/cve/CVE-2019-16710.html

https://www.suse.com/security/cve/CVE-2019-16711.html

https://www.suse.com/security/cve/CVE-2019-16712.html

https://www.suse.com/security/cve/CVE-2019-16713.html

https://bugzilla.suse.com/1146065

https://bugzilla.suse.com/1146068

https://bugzilla.suse.com/1146211

https://bugzilla.suse.com/1146212

https://bugzilla.suse.com/1146213

https://bugzilla.suse.com/1151781

https://bugzilla.suse.com/1151782

https://bugzilla.suse.com/1151783

https://bugzilla.suse.com/1151784

https://bugzilla.suse.com/1151785

https://bugzilla.suse.com/1151786

--

Announcement ID: openSUSE-SU-2019:2515-1
Rating: moderate
Affected Products: openSUSE Leap 15.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.