Linux Security

    openSUSE: 2021:0148-1 moderate: ImageMagick

    Date 24 Jan 2021
    Posted By LinuxSecurity Advisories
    An update that fixes 35 vulnerabilities is now available.
    
       openSUSE Security Update: Security update for ImageMagick
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2021:0148-1
    Rating:             moderate
    References:         #1179103 #1179202 #1179208 #1179212 #1179221 
                        #1179223 #1179240 #1179244 #1179260 #1179268 
                        #1179269 #1179276 #1179278 #1179281 #1179285 
                        #1179311 #1179312 #1179313 #1179315 #1179317 
                        #1179321 #1179322 #1179327 #1179333 #1179336 
                        #1179338 #1179339 #1179343 #1179345 #1179346 
                        #1179347 #1179361 #1179362 #1179397 #1179753 
                        
    Cross-References:   CVE-2020-19667 CVE-2020-25664 CVE-2020-25665
                        CVE-2020-25666 CVE-2020-25674 CVE-2020-25675
                        CVE-2020-25676 CVE-2020-27750 CVE-2020-27751
                        CVE-2020-27752 CVE-2020-27753 CVE-2020-27754
                        CVE-2020-27755 CVE-2020-27756 CVE-2020-27757
                        CVE-2020-27758 CVE-2020-27759 CVE-2020-27760
                        CVE-2020-27761 CVE-2020-27762 CVE-2020-27763
                        CVE-2020-27764 CVE-2020-27765 CVE-2020-27766
                        CVE-2020-27767 CVE-2020-27768 CVE-2020-27769
                        CVE-2020-27770 CVE-2020-27771 CVE-2020-27772
                        CVE-2020-27773 CVE-2020-27774 CVE-2020-27775
                        CVE-2020-27776 CVE-2020-29599
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
    Description:
    
       This update for ImageMagick fixes the following issues:
    
       - CVE-2020-19667: Fixed a stack buffer overflow in the XPM coder that
         could result in a crash (bsc#1179103).
       - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel
         (bsc#1179202).
       - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage
         (bsc#1179208).
       - CVE-2020-25666: Fixed a value outside the range of representable values
         of type 'int' and a signed integer overflow (bsc#1179212).
       - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage
         (bsc#1179223).
       - CVE-2020-25675: Fixed a value outside the range of representable values
         of type 'long' and an integer overflow (bsc#1179240).
       - CVE-2020-25676: Fixed a value outside the range of representable values
         of type 'long' and an integer overflow at MagickCore/pixel.c
         (bsc#1179244).
       - CVE-2020-27750: Fixed a division by zero in
         MagickCore/colorspace-private.h (bsc#1179260).
       - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c
         (bsc#1179269).
       - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in
         MagickCore/quantum-private.h (bsc#1179346).
       - CVE-2020-27753: Fixed memory leaks in the AcquireMagickMemory function
         (bsc#1179397).
       - CVE-2020-27754: Fixed a value outside the range of representable values
         of type 'long' and a signed integer overflow at MagickCore/quantize.c
         (bsc#1179336).
       - CVE-2020-27755: Fixed memory leaks in the ResizeMagickMemory function in
         ImageMagick/MagickCore/memory.c (bsc#1179345).
       - CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c
         (bsc#1179221).
       - CVE-2020-27757: Fixed a value outside the range of representable values
         of type 'unsigned long long' at MagickCore/quantum-private.h
         (bsc#1179268).
       - CVE-2020-27758: Fixed a value outside the range of representable values
         of type 'unsigned long long' (bsc#1179276).
       - CVE-2020-27759: Fixed a value outside the range of representable values
         of type 'int' at MagickCore/quantize.c (bsc#1179313).
       - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c
         (bsc#1179281).
       - CVE-2020-27761: Fixed a value outside the range of representable values
         of type 'unsigned long' at coders/palm.c (bsc#1179315).
       - CVE-2020-27762: Fixed a value outside the range of representable values
         of type 'unsigned char' (bsc#1179278).
       - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c
         (bsc#1179312).
       - CVE-2020-27764: Fixed a value outside the range of representable values
         of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).
       - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c
         (bsc#1179311).
       - CVE-2020-27766: Fixed a value outside the range of representable values
         of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).
       - CVE-2020-27767: Fixed a value outside the range of representable values
         of type 'float' at MagickCore/quantum.h (bsc#1179322).
       - CVE-2020-27768: Fixed a value outside the range of representable values
         of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
       - CVE-2020-27769: Fixed a value outside the range of representable values
         of type 'float' at MagickCore/quantize.c (bsc#1179321).
       - CVE-2020-27770: Fixed an unsigned offset overflow at
         MagickCore/string.c (bsc#1179343).
       - CVE-2020-27771: Fixed a value outside the range of representable values
         of type 'unsigned char' at coders/pdf.c (bsc#1179327).
       - CVE-2020-27772: Fixed a value outside the range of representable values
         of type 'unsigned int' at coders/bmp.c (bsc#1179347).
       - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h
         (bsc#1179285).
       - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c
         (bsc#1179333).
       - CVE-2020-27775: Fixed a value outside the range of representable values
         of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).
       - CVE-2020-27776: Fixed a value outside the range of representable values
         of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).
       - CVE-2020-29599: Fixed a shell command injection in -authenticate
         (bsc#1179753).
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update, use the SUSE-recommended
       installation methods, such as YaST online_update or "zypper patch".
    
       Alternatively, you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2021-148=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          ImageMagick-7.0.7.34-lp151.7.26.1
          ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.26.1
          ImageMagick-config-7-upstream-7.0.7.34-lp151.7.26.1
          ImageMagick-debuginfo-7.0.7.34-lp151.7.26.1
          ImageMagick-debugsource-7.0.7.34-lp151.7.26.1
          ImageMagick-devel-7.0.7.34-lp151.7.26.1
          ImageMagick-extra-7.0.7.34-lp151.7.26.1
          ImageMagick-extra-debuginfo-7.0.7.34-lp151.7.26.1
          libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.26.1
          libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp151.7.26.1
          libMagick++-devel-7.0.7.34-lp151.7.26.1
          libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.26.1
          libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.26.1
          libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.26.1
          libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.26.1
          perl-PerlMagick-7.0.7.34-lp151.7.26.1
          perl-PerlMagick-debuginfo-7.0.7.34-lp151.7.26.1
    
       - openSUSE Leap 15.1 (noarch):
    
          ImageMagick-doc-7.0.7.34-lp151.7.26.1
    
       - openSUSE Leap 15.1 (x86_64):
    
          ImageMagick-devel-32bit-7.0.7.34-lp151.7.26.1
          libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.26.1
          libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp151.7.26.1
          libMagick++-devel-32bit-7.0.7.34-lp151.7.26.1
          libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.26.1
          libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.26.1
          libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.26.1
          libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.26.1
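
    A post-patch check for the package list above, as an added example that is not part of the original advisory: it flags any installed ImageMagick package older than the fixed version-release 7.0.7.34-lp151.7.26.1. The function names, the sample inventory and the use of GNU `sort -V` as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="7.0.7.34-lp151.7.26.1"

# is_patched VERSION-RELEASE
# Succeeds when the argument sorts at or above FIXED.
# Assumption: GNU `sort -V` is close enough to RPM's own comparison
# for version strings of this shape.
is_patched() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# audit
# Reads "name version-release" lines on stdin, reports every package from
# the advisory's package families that is older than FIXED, and returns 1
# if at least one such package was found.
audit() {
    rc=0
    while read -r name evr; do
        case "$name" in
            ImageMagick*|libMagick*|perl-PerlMagick*) ;;
            *) continue ;;
        esac
        if ! is_patched "$evr"; then
            echo "VULNERABLE $name $evr (needs >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real host data). On a live system the
# same format comes from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE='ImageMagick 7.0.7.34-lp151.7.26.1
libMagickCore-7_Q16HDRI6 7.0.7.34-lp151.7.23.1
bash 4.4-lp151.10.3.1'

printf '%s\n' "$SAMPLE" | audit ||
    echo "update required: zypper in -t patch openSUSE-2021-148=1"
```

    A mixed result like the one in the sample (one library still on an older release) is the case worth checking for, since the fixes listed above live in the shared libraries as well as in the ImageMagick command-line package.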
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-19667.html
       https://www.suse.com/security/cve/CVE-2020-25664.html
       https://www.suse.com/security/cve/CVE-2020-25665.html
       https://www.suse.com/security/cve/CVE-2020-25666.html
       https://www.suse.com/security/cve/CVE-2020-25674.html
       https://www.suse.com/security/cve/CVE-2020-25675.html
       https://www.suse.com/security/cve/CVE-2020-25676.html
       https://www.suse.com/security/cve/CVE-2020-27750.html
       https://www.suse.com/security/cve/CVE-2020-27751.html
       https://www.suse.com/security/cve/CVE-2020-27752.html
       https://www.suse.com/security/cve/CVE-2020-27753.html
       https://www.suse.com/security/cve/CVE-2020-27754.html
       https://www.suse.com/security/cve/CVE-2020-27755.html
       https://www.suse.com/security/cve/CVE-2020-27756.html
       https://www.suse.com/security/cve/CVE-2020-27757.html
       https://www.suse.com/security/cve/CVE-2020-27758.html
       https://www.suse.com/security/cve/CVE-2020-27759.html
       https://www.suse.com/security/cve/CVE-2020-27760.html
       https://www.suse.com/security/cve/CVE-2020-27761.html
       https://www.suse.com/security/cve/CVE-2020-27762.html
       https://www.suse.com/security/cve/CVE-2020-27763.html
       https://www.suse.com/security/cve/CVE-2020-27764.html
       https://www.suse.com/security/cve/CVE-2020-27765.html
       https://www.suse.com/security/cve/CVE-2020-27766.html
       https://www.suse.com/security/cve/CVE-2020-27767.html
       https://www.suse.com/security/cve/CVE-2020-27768.html
       https://www.suse.com/security/cve/CVE-2020-27769.html
       https://www.suse.com/security/cve/CVE-2020-27770.html
       https://www.suse.com/security/cve/CVE-2020-27771.html
       https://www.suse.com/security/cve/CVE-2020-27772.html
       https://www.suse.com/security/cve/CVE-2020-27773.html
       https://www.suse.com/security/cve/CVE-2020-27774.html
       https://www.suse.com/security/cve/CVE-2020-27775.html
       https://www.suse.com/security/cve/CVE-2020-27776.html
       https://www.suse.com/security/cve/CVE-2020-29599.html
       https://bugzilla.suse.com/1179103
       https://bugzilla.suse.com/1179202
       https://bugzilla.suse.com/1179208
       https://bugzilla.suse.com/1179212
       https://bugzilla.suse.com/1179221
       https://bugzilla.suse.com/1179223
       https://bugzilla.suse.com/1179240
       https://bugzilla.suse.com/1179244
       https://bugzilla.suse.com/1179260
       https://bugzilla.suse.com/1179268
       https://bugzilla.suse.com/1179269
       https://bugzilla.suse.com/1179276
       https://bugzilla.suse.com/1179278
       https://bugzilla.suse.com/1179281
       https://bugzilla.suse.com/1179285
       https://bugzilla.suse.com/1179311
       https://bugzilla.suse.com/1179312
       https://bugzilla.suse.com/1179313
       https://bugzilla.suse.com/1179315
       https://bugzilla.suse.com/1179317
       https://bugzilla.suse.com/1179321
       https://bugzilla.suse.com/1179322
       https://bugzilla.suse.com/1179327
       https://bugzilla.suse.com/1179333
       https://bugzilla.suse.com/1179336
       https://bugzilla.suse.com/1179338
       https://bugzilla.suse.com/1179339
       https://bugzilla.suse.com/1179343
       https://bugzilla.suse.com/1179345
       https://bugzilla.suse.com/1179346
       https://bugzilla.suse.com/1179347
       https://bugzilla.suse.com/1179361
       https://bugzilla.suse.com/1179362
       https://bugzilla.suse.com/1179397
       https://bugzilla.suse.com/1179753
    
