
Red Hat Enterprise Linux 7: ImageMagick Security Update RHSA-2020-1180-01

March 31, 2020
Stay informed about the recent Red Hat advisory detailing critical security enhancements and bug corrections relevant to ImageMagick in enterprise environments.
An update for ImageMagick, autotrace, emacs, and inkscape is now available for Red Hat Enterprise Linux 7.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.
The following packages have been upgraded to a later upstream version: ImageMagick (6.9.10.68). (BZ#1764595)
Security Fix(es):
* ImageMagick: multiple security vulnerabilities (CVE-2018-12599, CVE-2018-12600, CVE-2019-9956, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-17540, CVE-2019-17541, CVE-2019-19948, CVE-2017-11166, CVE-2017-12805, CVE-2017-12806, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2017-1000476, CVE-2018-8804, CVE-2018-9133, CVE-2018-10177, CVE-2018-10804, CVE-2018-10805, CVE-2018-11656, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-15607, CVE-2018-16328, CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-20467, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-12975, CVE-2019-12976, CVE-2019-13133, CVE-2019-13134, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-14980, CVE-2019-14981, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-19949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2017-11166
https://access.redhat.com/security/cve/CVE-2017-12805
https://access.redhat.com/security/cve/CVE-2017-12806
https://access.redhat.com/security/cve/CVE-2017-18251
https://access.redhat.com/security/cve/CVE-2017-18252
https://access.redhat.com/security/cve/CVE-2017-18254
https://access.redhat.com/security/cve/CVE-2017-18271
https://access.redhat.com/security/cve/CVE-2017-18273
https://access.redhat.com/security/cve/CVE-2017-1000476
https://access.redhat.com/security/cve/CVE-2018-8804
https://access.redhat.com/security/cve/CVE-2018-9133
https://access.redhat.com/security/cve/CVE-2018-10177
https://access.redhat.com/security/cve/CVE-2018-10804
https://access.redhat.com/security/cve/CVE-2018-10805
https://access.redhat.com/security/cve/CVE-2018-11656
https://access.redhat.com/security/cve/CVE-2018-12599
https://access.redhat.com/security/cve/CVE-2018-12600
https://access.redhat.com/security/cve/CVE-2018-13153
https://access.redhat.com/security/cve/CVE-2018-14434
https://access.redhat.com/security/cve/CVE-2018-14435
https://access.redhat.com/security/cve/CVE-2018-14436
https://access.redhat.com/security/cve/CVE-2018-14437
https://access.redhat.com/security/cve/CVE-2018-15607

Package List

Red Hat Enterprise Linux Client (v. 7):

Source:
ImageMagick-6.9.10.68-3.el7.src.rpm
emacs-24.3-23.el7.src.rpm
inkscape-0.92.2-3.el7.src.rpm

noarch:
emacs-filesystem-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-6.9.10.68-3.el7.i686.rpm
ImageMagick-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-c++-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
emacs-24.3-23.el7.x86_64.rpm
emacs-common-24.3-23.el7.x86_64.rpm
emacs-debuginfo-24.3-23.el7.x86_64.rpm
emacs-nox-24.3-23.el7.x86_64.rpm
inkscape-0.92.2-3.el7.x86_64.rpm
inkscape-debuginfo-0.92.2-3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
autotrace-0.31.1-38.el7.src.rpm

noarch:
emacs-el-24.3-23.el7.noarch.rpm
emacs-terminal-24.3-23.el7.noarch.rpm

x86_64:
ImageMagick-c++-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-c++-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.i686.rpm
ImageMagick-debuginfo-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-devel-6.9.10.68-3.el7.i686.rpm
ImageMagick-devel-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-doc-6.9.10.68-3.el7.x86_64.rpm
ImageMagick-perl-6.9.10.68-3.el7.x86_64.rpm
autotrace-0.31.1-38.el7.i686.rpm
autotrace-0.31.1-38.el7.x86_64.rpm
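
To confirm that hosts actually carry the builds listed above, the following added example (not part of the Red Hat advisory) flags packages older than the advisory's version-release. It assumes an inventory with one `name version-release` pair per line, as produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the function names are hypothetical and the comparison is a simplified form of rpm's ordering that ignores epoch, `~` and `^`.

```python
import re

# Fixed builds copied from the advisory's package list (version-release -> names).
_ADVISORY = {
    "6.9.10.68-3.el7": "ImageMagick ImageMagick-c++ ImageMagick-c++-devel "
                       "ImageMagick-devel ImageMagick-doc ImageMagick-perl",
    "24.3-23.el7": "emacs emacs-common emacs-nox emacs-filesystem emacs-el emacs-terminal",
    "0.92.2-3.el7": "inkscape",
    "0.31.1-38.el7": "autotrace",
}
FIXED = {name: evr for evr, names in _ADVISORY.items() for name in names.split()}

def rpm_label_cmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    # rpm compares maximal runs of digits or letters and ignores separators.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)                # "010" and "10" compare equal
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare two 'version-release' strings; epoch is assumed equal."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_label_cmp(va, vb) or rpm_label_cmp(ra, rb)

def outdated(inventory):
    """Return (name, installed, fixed) for packages older than the fixed build."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED and evr_cmp(parts[1], FIXED[parts[0]]) < 0:
            findings.append((parts[0], parts[1], FIXED[parts[0]]))
    return findings

# Constructed sample inventory, not taken from a real host.
SAMPLE = """\
ImageMagick 6.7.8.9-18.el7
emacs 24.3-23.el7
inkscape 0.92.2-2.el7
autotrace 0.31.1-38.el7
bash 4.2.46-34.el7
"""

if __name__ == "__main__":
    for name, have, need in outdated(SAMPLE):
        print(f"{name}: installed {have}, advisory ships {need}")
```

Packages that are not installed do not appear in the inventory and are not reported, so an empty result means only that nothing installed is older than the advisory's builds.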



Advisory ID: RHSA-2020:1180-01
Product: Red Hat Enterprise Linux
Issue date: 2020-03-31

Topic

An update for ImageMagick, autotrace, emacs, and inkscape is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - noarch

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

Bugs Fixed

1532845 - CVE-2017-1000476 ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c

1559892 - CVE-2018-8804 ImageMagick: double free in WriteEPTImage function in coders/ept.c

1561741 - CVE-2017-18251 ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c

1561742 - CVE-2017-18252 ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c

1561744 - CVE-2017-18254 ImageMagick: memory leak in WriteGIFImage function in coders/gif.c

1563875 - CVE-2018-9133 ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c

1572044 - CVE-2018-10177 ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file

1577398 - CVE-2018-10805 ImageMagick: Memory leak in ReadYCBCRImage

1577399 - CVE-2018-10804 ImageMagick: Memory leak in WriteTIFFImage

1581486 - CVE-2017-18271 ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c

1581489 - CVE-2017-18273 ImageMagick: infinite loop in ReadTXTImage function in coders/txt.c

1588170 - CVE-2018-11656 ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c

1594338 - CVE-2018-12599 ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c

1594339 - CVE-2018-12600 ImageMagick: out of bounds write in ReadDIBImage and WriteDIBImage in coders/dib.c
