Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2019:1712-1 Moderate Security Update for ImageMagick Issues

suse
Calendar Grey June 25, 2019
Dist Suse Esm H88
The recent patch mitigates a few medium-level security flaws within the ImageMagick application, vital for all affected SUSE users.
An update that solves 9 vulnerabilities and has two fixes is now available

Summary

This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow moderate severity SUSE Linux ImageMagick

References

#1133204 #1133205 #1133498 #1133501 #1134075

#1135232 #1135236 #1136183 #1136732 #1138425

#1138464

Cross- CVE-2017-12805 CVE-2017-12806 CVE-2019-10131

CVE-2019-11470 CVE-2019-11472 CVE-2019-11505

CVE-2019-11506 CVE-2019-11597 CVE-2019-11598

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP4

SUSE Linux Enterprise Workstation Extension 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP4

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-12805.html

https://www.suse.com/security/cve/CVE-2017-12806.html

Announcement ID: SUSE-SU-2019:1712-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow moderate severity SUSE Linux ImageMagick

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here