SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2964-1
Rating:             important
References:         #1000399 #1000434 #1000436 #1000688 #1000689 
                    #1000690 #1000691 #1000692 #1000693 #1000694 
                    #1000695 #1000698 #1000699 #1000700 #1000701 
                    #1000703 #1000704 #1000707 #1000709 #1000711 
                    #1000713 #1000714 #1001066 #1001221 #1002209 
                    #1002421 #1002422 #1003629 #1005123 #1005125 
                    #1005127 #1007245 
Cross-References:   CVE-2014-9907 CVE-2015-8957 CVE-2015-8958
                    CVE-2015-8959 CVE-2016-5687 CVE-2016-6823
                    CVE-2016-7101 CVE-2016-7514 CVE-2016-7515
                    CVE-2016-7516 CVE-2016-7517 CVE-2016-7518
                    CVE-2016-7519 CVE-2016-7522 CVE-2016-7523
                    CVE-2016-7524 CVE-2016-7525 CVE-2016-7526
                    CVE-2016-7527 CVE-2016-7528 CVE-2016-7529
                    CVE-2016-7530 CVE-2016-7531 CVE-2016-7533
                    CVE-2016-7535 CVE-2016-7537 CVE-2016-7799
                    CVE-2016-7800 CVE-2016-7996 CVE-2016-7997
                    CVE-2016-8682 CVE-2016-8683 CVE-2016-8684
                    CVE-2016-8862
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 34 vulnerabilities is now available.

Description:


   This update for ImageMagick fixes the following issues:

   These vulnerabilities could be triggered by processing specially crafted
   image files, which could lead to a process crash or resource consumtion,
   or potentially have unspecified futher impact.

   - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory
     (bsc#1007245)
   - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)
   - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)
   - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)
   - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)
   - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)
   - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)
   - CVE-2016-7529: out of bound in quantum handling (bsc#1000399)
   - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)
   - CVE-2016-7527:  out of bound access in wpg file coder: (bsc#1000436)
   - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)
   - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434)
   - CVE-2016-8683: Check that filesize is reasonable compared to the header
     value (bsc#1005127)
   - CVE-2016-8682: Stack-buffer read overflow while reading SCT header
     (bsc#1005125)
   - CVE-2016-8684: Mismatch between real filesize and header values
     (bsc#1005123)
   - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)
   - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)
   - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in
     meta.c:465 (bsc#1000700)
   - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)
   - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)
   - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)
   - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)
   - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)
   - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693)
   - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files
     (bsc#1000692)
   - CVE-2015-8958: Potential DOS in sun file handling due to malformed files
     (bsc#1000691)
   - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)
   - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695)
   - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694)
   - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow
     (bsc#1002422)
   - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1
     meta.c:496 (bsc#1000699)
   - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-ImageMagick-12867=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ImageMagick-12867=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ImageMagick-12867=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ImageMagick-6.4.3.6-7.54.1
      ImageMagick-devel-6.4.3.6-7.54.1
      libMagick++-devel-6.4.3.6-7.54.1
      libMagick++1-6.4.3.6-7.54.1
      libMagickWand1-6.4.3.6-7.54.1
      perl-PerlMagick-6.4.3.6-7.54.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libMagickWand1-32bit-6.4.3.6-7.54.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libMagickCore1-6.4.3.6-7.54.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libMagickCore1-32bit-6.4.3.6-7.54.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ImageMagick-debuginfo-6.4.3.6-7.54.1
      ImageMagick-debugsource-6.4.3.6-7.54.1


References:

   https://www.suse.com/security/cve/CVE-2014-9907.html
   https://www.suse.com/security/cve/CVE-2015-8957.html
   https://www.suse.com/security/cve/CVE-2015-8958.html
   https://www.suse.com/security/cve/CVE-2015-8959.html
   https://www.suse.com/security/cve/CVE-2016-5687.html
   https://www.suse.com/security/cve/CVE-2016-6823.html
   https://www.suse.com/security/cve/CVE-2016-7101.html
   https://www.suse.com/security/cve/CVE-2016-7514.html
   https://www.suse.com/security/cve/CVE-2016-7515.html
   https://www.suse.com/security/cve/CVE-2016-7516.html
   https://www.suse.com/security/cve/CVE-2016-7517.html
   https://www.suse.com/security/cve/CVE-2016-7518.html
   https://www.suse.com/security/cve/CVE-2016-7519.html
   https://www.suse.com/security/cve/CVE-2016-7522.html
   https://www.suse.com/security/cve/CVE-2016-7523.html
   https://www.suse.com/security/cve/CVE-2016-7524.html
   https://www.suse.com/security/cve/CVE-2016-7525.html
   https://www.suse.com/security/cve/CVE-2016-7526.html
   https://www.suse.com/security/cve/CVE-2016-7527.html
   https://www.suse.com/security/cve/CVE-2016-7528.html
   https://www.suse.com/security/cve/CVE-2016-7529.html
   https://www.suse.com/security/cve/CVE-2016-7530.html
   https://www.suse.com/security/cve/CVE-2016-7531.html
   https://www.suse.com/security/cve/CVE-2016-7533.html
   https://www.suse.com/security/cve/CVE-2016-7535.html
   https://www.suse.com/security/cve/CVE-2016-7537.html
   https://www.suse.com/security/cve/CVE-2016-7799.html
   https://www.suse.com/security/cve/CVE-2016-7800.html
   https://www.suse.com/security/cve/CVE-2016-7996.html
   https://www.suse.com/security/cve/CVE-2016-7997.html
   https://www.suse.com/security/cve/CVE-2016-8682.html
   https://www.suse.com/security/cve/CVE-2016-8683.html
   https://www.suse.com/security/cve/CVE-2016-8684.html
   https://www.suse.com/security/cve/CVE-2016-8862.html
   https://bugzilla.suse.com/1000399
   https://bugzilla.suse.com/1000434
   https://bugzilla.suse.com/1000436
   https://bugzilla.suse.com/1000688
   https://bugzilla.suse.com/1000689
   https://bugzilla.suse.com/1000690
   https://bugzilla.suse.com/1000691
   https://bugzilla.suse.com/1000692
   https://bugzilla.suse.com/1000693
   https://bugzilla.suse.com/1000694
   https://bugzilla.suse.com/1000695
   https://bugzilla.suse.com/1000698
   https://bugzilla.suse.com/1000699
   https://bugzilla.suse.com/1000700
   https://bugzilla.suse.com/1000701
   https://bugzilla.suse.com/1000703
   https://bugzilla.suse.com/1000704
   https://bugzilla.suse.com/1000707
   https://bugzilla.suse.com/1000709
   https://bugzilla.suse.com/1000711
   https://bugzilla.suse.com/1000713
   https://bugzilla.suse.com/1000714
   https://bugzilla.suse.com/1001066
   https://bugzilla.suse.com/1001221
   https://bugzilla.suse.com/1002209
   https://bugzilla.suse.com/1002421
   https://bugzilla.suse.com/1002422
   https://bugzilla.suse.com/1003629
   https://bugzilla.suse.com/1005123
   https://bugzilla.suse.com/1005125
   https://bugzilla.suse.com/1005127
   https://bugzilla.suse.com/1007245

SuSE: 2016:2964-1: important: ImageMagick

December 1, 2016
An update that fixes 34 vulnerabilities is now available

Summary

This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact. - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245) - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714) - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713) - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711) - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066) - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688) - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689) - CVE-2016-7529: out of bound in quantum handling (bsc#1000399) - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629) - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434) - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127) - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125) - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123) - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209) - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701) - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700) - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703) - CVE-2016-7531: Pbd file out of bound access (bsc#1000704) - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707) - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709) - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698) - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695) - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694) - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422) - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699) - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12867=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12867=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12867=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.54.1 ImageMagick-devel-6.4.3.6-7.54.1 libMagick++-devel-6.4.3.6-7.54.1 libMagick++1-6.4.3.6-7.54.1 libMagickWand1-6.4.3.6-7.54.1 perl-PerlMagick-6.4.3.6-7.54.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.54.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.54.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.54.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.54.1 ImageMagick-debugsource-6.4.3.6-7.54.1

References

#1000399 #1000434 #1000436 #1000688 #1000689

#1000690 #1000691 #1000692 #1000693 #1000694

#1000695 #1000698 #1000699 #1000700 #1000701

#1000703 #1000704 #1000707 #1000709 #1000711

#1000713 #1000714 #1001066 #1001221 #1002209

#1002421 #1002422 #1003629 #1005123 #1005125

#1005127 #1007245

Cross- CVE-2014-9907 CVE-2015-8957 CVE-2015-8958

CVE-2015-8959 CVE-2016-5687 CVE-2016-6823

CVE-2016-7101 CVE-2016-7514 CVE-2016-7515

CVE-2016-7516 CVE-2016-7517 CVE-2016-7518

CVE-2016-7519 CVE-2016-7522 CVE-2016-7523

CVE-2016-7524 CVE-2016-7525 CVE-2016-7526

CVE-2016-7527 CVE-2016-7528 CVE-2016-7529

CVE-2016-7530 CVE-2016-7531 CVE-2016-7533

CVE-2016-7535 CVE-2016-7537 CVE-2016-7799

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997

CVE-2016-8682 CVE-2016-8683 CVE-2016-8684

CVE-2016-8862

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2014-9907.html

https://www.suse.com/security/cve/CVE-2015-8957.html

https://www.suse.com/security/cve/CVE-2015-8958.html

https://www.suse.com/security/cve/CVE-2015-8959.html

https://www.suse.com/security/cve/CVE-2016-5687.html

https://www.suse.com/security/cve/CVE-2016-6823.html

https://www.suse.com/security/cve/CVE-2016-7101.html

https://www.suse.com/security/cve/CVE-2016-7514.html

https://www.suse.com/security/cve/CVE-2016-7515.html

https://www.suse.com/security/cve/CVE-2016-7516.html

https://www.suse.com/security/cve/CVE-2016-7517.html

https://www.suse.com/security/cve/CVE-2016-7518.html

https://www.suse.com/security/cve/CVE-2016-7519.html

https://www.suse.com/security/cve/CVE-2016-7522.html

https://www.suse.com/security/cve/CVE-2016-7523.html

https://www.suse.com/security/cve/CVE-2016-7524.html

https://www.suse.com/security/cve/CVE-2016-7525.html

https://www.suse.com/security/cve/CVE-2016-7526.html

https://www.suse.com/security/cve/CVE-2016-7527.html

https://www.suse.com/security/cve/CVE-2016-7528.html

https://www.suse.com/security/cve/CVE-2016-7529.html

https://www.suse.com/security/cve/CVE-2016-7530.html

https://www.suse.com/security/cve/CVE-2016-7531.html

https://www.suse.com/security/cve/CVE-2016-7533.html

https://www.suse.com/security/cve/CVE-2016-7535.html

https://www.suse.com/security/cve/CVE-2016-7537.html

https://www.suse.com/security/cve/CVE-2016-7799.html

https://www.suse.com/security/cve/CVE-2016-7800.html

https://www.suse.com/security/cve/CVE-2016-7996.html

https://www.suse.com/security/cve/CVE-2016-7997.html

https://www.suse.com/security/cve/CVE-2016-8682.html

https://www.suse.com/security/cve/CVE-2016-8683.html

https://www.suse.com/security/cve/CVE-2016-8684.html

https://www.suse.com/security/cve/CVE-2016-8862.html

https://bugzilla.suse.com/1000399

https://bugzilla.suse.com/1000434

https://bugzilla.suse.com/1000436

https://bugzilla.suse.com/1000688

https://bugzilla.suse.com/1000689

https://bugzilla.suse.com/1000690

https://bugzilla.suse.com/1000691

https://bugzilla.suse.com/1000692

https://bugzilla.suse.com/1000693

https://bugzilla.suse.com/1000694

https://bugzilla.suse.com/1000695

https://bugzilla.suse.com/1000698

https://bugzilla.suse.com/1000699

https://bugzilla.suse.com/1000700

https://bugzilla.suse.com/1000701

https://bugzilla.suse.com/1000703

https://bugzilla.suse.com/1000704

https://bugzilla.suse.com/1000707

https://bugzilla.suse.com/1000709

https://bugzilla.suse.com/1000711

https://bugzilla.suse.com/1000713

https://bugzilla.suse.com/1000714

https://bugzilla.suse.com/1001066

https://bugzilla.suse.com/1001221

https://bugzilla.suse.com/1002209

https://bugzilla.suse.com/1002421

https://bugzilla.suse.com/1002422

https://bugzilla.suse.com/1003629

https://bugzilla.suse.com/1005123

https://bugzilla.suse.com/1005125

https://bugzilla.suse.com/1005127

https://bugzilla.suse.com/1007245

Severity
Announcement ID: SUSE-SU-2016:2964-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved