Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 520
Alerts This Week
Warning Icon 1 520

SUSE: 2018:2475-1 Moderate: ImageMagick Memory Leak Issues Resolved

suse
Calendar Grey August 22, 2018
Dist Suse Esm H88
New release for ImageMagick fixes several memory leaks to boost security. Implement the SUSE update without delay.
An update that solves four vulnerabilities and has one errata is now available

Summary

This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2018-14434: A memory leak for a colormap in WriteMPCImage incoders/mpc.c was fixed. (bsc#1102003) * CVE-2018-14435: A memory leak in DecodeImage in coders/pcd.c was fixed. (bsc#1102007) * CVE-2018-14436: A memory leak in ReadMIFFImage in coders/miff.c was fixed. (bsc#1102005) * CVE-2018-14437: A memory leak in parse8BIM in coders/meta.c was fixed. (bsc#1102004) Bug fix: - bsc#1094741: Fix unexpected result with `convert -compose`. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15:

References

#1094741 #1102003 #1102004 #1102005 #1102007

Cross- CVE-2018-14434 CVE-2018-14435 CVE-2018-14436

CVE-2018-14437

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15

https://www.suse.com/security/cve/CVE-2018-14434.html

https://www.suse.com/security/cve/CVE-2018-14435.html

https://www.suse.com/security/cve/CVE-2018-14436.html

https://www.suse.com/security/cve/CVE-2018-14437.html

https://bugzilla.suse.com/1094741

https://bugzilla.suse.com/1102003

https://bugzilla.suse.com/1102004

https://bugzilla.suse.com/1102005

https://bugzilla.suse.com/1102007

Announcement ID: SUSE-SU-2018:2475-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.