Security: Denial of Service in php7-imagick
Name: Denial of Service in php7-imagick
ID: openSUSE-SU-2020:0014-1
Distribution: SUSE
Platforms: SUSE Package Hub for SUSE Linux Enterprise 12, SUSE openSUSE Leap 15.1, SUSE openSUSE Backports SLE-15-SP1
Date: Tue, 14 January 2020, 07:06
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11037
Applications: php7-imagick

Original message

   openSUSE Security Update: Security update for php7-imagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0014-1
Rating: moderate
References: #1135418
Cross-References: CVE-2019-11037
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php7-imagick fixes the following issues:

Upgrade to version 3.4.4:

Added:

* function Imagick::optimizeImageTransparency()
* METRIC_STRUCTURAL_SIMILARITY_ERROR
* METRIC_STRUCTURAL_DISSIMILARITY_ERROR
* COMPRESSION_ZSTD - https://github.com/facebook/zstd
* COMPRESSION_WEBP
* CHANNEL_COMPOSITE_MASK
* FILTER_CUBIC_SPLINE - "Define the lobes with the -define
filter:lobes={2,3,4} (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506)."
* Imagick now explicitly conflicts with the Gmagick extension.

Fixes:

* Correct version check to make RemoveAlphaChannel and
FlattenAlphaChannel be available when using Imagick with ImageMagick
version 6.7.8-x
* Bug 77128 - Imagick::setImageInterpolateMethod() not available on
Windows
* Prevent memory leak when ImagickPixel::__construct called after object
instantiation.
* Prevent segfault when ImagickPixel internal constructor not called.
* Imagick::setResourceLimit support for values larger than 2GB (2^31) on
32bit platforms.
* Corrected memory overwrite in Imagick::colorDecisionListImage()
* Bug 77791 - ImagickKernel::fromMatrix() out of bounds write. Fixes
CVE-2019-11037, boo#1135418

The following functions have been deprecated:

* ImagickDraw, matte
* Imagick::averageimages
* Imagick::colorfloodfillimage
* Imagick::filter
* Imagick::flattenimages
* Imagick::getimageattribute
* Imagick::getimagechannelextrema
* Imagick::getimageclipmask
* Imagick::getimageextrema
* Imagick::getimageindex
* Imagick::getimagematte
* Imagick::getimagemattecolor
* Imagick::getimagesize
* Imagick::mapimage
* Imagick::mattefloodfillimage
* Imagick::medianfilterimage
* Imagick::mosaicimages
* Imagick::orderedposterizeimage
* Imagick::paintfloodfillimage
* Imagick::paintopaqueimage
* Imagick::painttransparentimage
* Imagick::radialblurimage
* Imagick::recolorimage
* Imagick::reducenoiseimage
* Imagick::roundcornersimage
* Imagick::roundcorners
* Imagick::setimageattribute
* Imagick::setimagebias
* Imagick::setimageclipmask
* Imagick::setimageindex
* Imagick::setimagemattecolor
* Imagick::setimagebiasquantum
* Imagick::setimageopacity
* Imagick::transformimage


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-14=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-14=1

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-14=1



Package List:

- openSUSE Leap 15.1 (x86_64):

php7-imagick-3.4.4-lp151.8.3.1
php7-imagick-debuginfo-3.4.4-lp151.8.3.1
php7-imagick-debugsource-3.4.4-lp151.8.3.1

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

php7-imagick-3.4.4-bp151.2.3.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

php7-imagick-3.4.4-5.1


References:

https://www.suse.com/security/cve/CVE-2019-11037.html
https://bugzilla.suse.com/1135418
