drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ImageMagick
Name: |
Mehrere Probleme in ImageMagick |
|
ID: |
SUSE-SU-2018:3808-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4 |
|
Datum: |
Mo, 19. November 2018, 17:05 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11532 |
|
Applikationen: |
ImageMagick |
|
Originalnachricht |
SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3808-1 Rating: moderate References: #1050129 #1050635 #1107609 #1112399 Cross-References: CVE-2017-11532 CVE-2017-11639 CVE-2017-14997 CVE-2018-16644 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399) - CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609) - CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129) - CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-ImageMagick-13868=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-ImageMagick-13868=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-ImageMagick-13868=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
ImageMagick-6.4.3.6-78.79.1 ImageMagick-devel-6.4.3.6-78.79.1 libMagick++-devel-6.4.3.6-78.79.1 libMagick++1-6.4.3.6-78.79.1 libMagickWand1-6.4.3.6-78.79.1 perl-PerlMagick-6.4.3.6-78.79.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
libMagickWand1-32bit-6.4.3.6-78.79.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libMagickCore1-6.4.3.6-78.79.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libMagickCore1-32bit-6.4.3.6-78.79.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
ImageMagick-debuginfo-6.4.3.6-78.79.1 ImageMagick-debugsource-6.4.3.6-78.79.1
References:
https://www.suse.com/security/cve/CVE-2017-11532.html https://www.suse.com/security/cve/CVE-2017-11639.html https://www.suse.com/security/cve/CVE-2017-14997.html https://www.suse.com/security/cve/CVE-2018-16644.html https://bugzilla.suse.com/1050129 https://bugzilla.suse.com/1050635 https://bugzilla.suse.com/1107609 https://bugzilla.suse.com/1112399
_______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates
|
|
|
|