Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for ImageMagick (Important) |
Description: |
ImageMagick was updated to fix 66 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9850: Incorrect thread limit logic (bsc#984149).
- CVE-2014-9851: Crash when parsing resource block (bsc#984160).
- CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9806: Prevent leak of file descriptor due to corrupted file (bsc#983774).
- CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).
- CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).
- CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184).
- CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746).
- CVE-2014-9833: Heap overflow in psd file (bsc#984406).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).
- CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).
- CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).
- CVE-2016-5690: Bad for loop in DCM coder (bsc#985451).
- CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).
- CVE-2014-9836: Crash in xpm file handling (bsc#984023).
- CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).
- CVE-2014-9821: Avoid heap overflow in pnm files (bsc#984014).
- CVE-2014-9820: Heap overflow in xpm files (bsc#984150).
- CVE-2014-9823: Heap overflow in palm file (bsc#984401).
- CVE-2014-9822: Heap overflow in quantum file (bsc#984187).
- CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).
- CVE-2014-9824: Heap overflow in psd file (bsc#984185).
- CVE-2014-9809: SEGV due to corrupted xwd images (bsc#983799).
- CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).
- CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).
- CVE-2014-9842: Memory leak in psd handling (bsc#984374).
- CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).
- CVE-2014-9846: Added checks to prevent overflow in rle file (bsc#983521).
- CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).
- CVE-2014-9844: Out of bound issue in rle file (bsc#984373).
- CVE-2014-9849: Crash in png coder (bsc#984018).
- CVE-2014-9848: Memory leak in quantum management (bsc#984404).
- CVE-2014-9807: Double free in pdb coder (bsc#983794).
- CVE-2014-9829: Out of bound access in sun file (bsc#984409).
- CVE-2014-9832: Heap overflow in pcx file (bsc#984183).
- CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752).
- CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308).
- CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305).
- CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292).
- CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).
- CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).
- CVE-2014-9837: Additional PNM sanity checks (bsc#984166).
- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).
- CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).
- CVE-2016-5841: Integer overflow could have led to RCE (bnc#986609).
- CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have led to memory leak (bnc#986608).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1007869 1007870 1007871 1009318 1011130 1011136 1013376 1014159 1025950 1025951 1056865 1069708 1071471 1090638 1106171 1106172 1106173 1106195 1107410 1107411 1107412 1107413 1107420 1107421 1107422 1107423 1107426 1107581 1108027 1109105 1154162 769799 798458 812525 817781 856832 857188 858676 858677 859158 950437 952099 957812 960382 960996 962743 974092 983232 983234 983253 983259 983292 983305 983308 983521 983523 983527 983533 983739 983746 983752 983774 983794 983796 983799 983803 984014 984018 984023 984028 984032 984035 984135 984137 984142 984144 984145 984149 984150 984160 984166 984172 984179 984181 984183 984184 984185 984186 984187 984191 984193 984370 984372 984373 984374 984375 984379 984394 984398 984400 984401 984404 984406 984408 984409 984427 984433 984436 985442 985448 985451 985456 985460 986608 986609 CVE-2009-0793 CVE-2011-4971 CVE-2012-3382 CVE-2013-0179 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-4276 CVE-2013-4549 CVE-2013-7239 CVE-2013-7290 CVE-2013-7291 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-1852 CVE-2015-3195 CVE-2015-7575 CVE-2015-7830 CVE-2015-8126 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 
CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-15868 CVE-2017-16939 CVE-2017-17833 CVE-2017-9951 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 CVE-2019-2974 SUSE-SU-2015:2251-1 SUSE-SU-2016:0110-1 SUSE-SU-2016:0256-1 SUSE-SU-2016:1784-1 SUSE-SU-2016:3258-1 SUSE-SU-2017:0695-1 SUSE-SU-2018:0271-1 SUSE-SU-2018:0807-1 SUSE-SU-2018:2975-1 SUSE-SU-2018:2991-1 SUSE-SU-2019:3370-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
bzip2-1.0.6-lp150.3 is installed
OR libbz2-1-1.0.6-lp150.3 is installed
OR libbz2-1-32bit-1.0.6-lp150.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
ncat-7.70-lp151.3.3 is installed
OR ndiff-7.70-lp151.3.3 is installed
OR nmap-7.70-lp151.3.3 is installed
OR nping-7.70-lp151.3.3 is installed
OR zenmap-7.70-lp151.3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
bytefx-data-mysql-2.6.7-0.9 is installed
OR ibm-data-db2-2.6.7-0.9 is installed
OR mono-core-2.6.7-0.9 is installed
OR mono-data-2.6.7-0.9 is installed
OR mono-data-firebird-2.6.7-0.9 is installed
OR mono-data-oracle-2.6.7-0.9 is installed
OR mono-data-postgresql-2.6.7-0.9 is installed
OR mono-data-sqlite-2.6.7-0.9 is installed
OR mono-data-sybase-2.6.7-0.9 is installed
OR mono-devel-2.6.7-0.9 is installed
OR mono-extras-2.6.7-0.9 is installed
OR mono-jscript-2.6.7-0.9 is installed
OR mono-locale-extras-2.6.7-0.9 is installed
OR mono-nunit-2.6.7-0.9 is installed
OR mono-wcf-2.6.7-0.9 is installed
OR mono-web-2.6.7-0.9 is installed
OR mono-winforms-2.6.7-0.9 is installed
OR monodoc-core-2.6.7-0.9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
compat-openssl097g-0.9.7g-146.22.36 is installed
OR compat-openssl097g-32bit-0.9.7g-146.22.36 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
ImageMagick-6.8.8.1-30 is installed
OR libMagick++-6_Q16-3-6.8.8.1-30 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-30 is installed
OR libMagickCore-6_Q16-1-32bit-6.8.8.1-30 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-30 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
libmysqlclient18-10.0.40.2-2.12 is installed
OR libmysqlclient18-32bit-10.0.40.2-2.12 is installed
OR libmysqlclient_r18-10.0.40.2-2.12 is installed
OR libmysqlclient_r18-32bit-10.0.40.2-2.12 is installed
OR mariadb-100-10.0.40.2-2.12 is installed
OR mariadb-100-errormessages-10.0.40.2-2.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
liblcms1-1.19-17 is installed
OR liblcms1-32bit-1.19-17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_74-60_64_60-default-5-2 is installed
OR kgraft-patch-3_12_74-60_64_60-xen-5-2 is installed
OR kgraft-patch-SLE12-SP1_Update_21-5-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
libIlmImf-Imf_2_1-21-2.1.0-4 is installed
OR openexr-2.1.0-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
git-2.12.3-27.17 is installed
OR git-core-2.12.3-27.17 is installed
OR git-doc-2.12.3-27.17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kgraft-patch-4_4_121-92_109-default-4-2 is installed
OR kgraft-patch-SLE12-SP2_Update_29-4-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND ucode-intel-20180425-13.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
apache-commons-beanutils-1.9.2-1 is installed
OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND ucode-intel-20190618-13.47 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_180-94_100-default-3-2 is installed
OR kgraft-patch-SLE12-SP3_Update_27-3-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
java-1_7_1-ibm-1.7.1_sr4.60-38.47 is installed
OR java-1_7_1-ibm-alsa-1.7.1_sr4.60-38.47 is installed
OR java-1_7_1-ibm-devel-1.7.1_sr4.60-38.47 is installed
OR java-1_7_1-ibm-jdbc-1.7.1_sr4.60-38.47 is installed
OR java-1_7_1-ibm-plugin-1.7.1_sr4.60-38.47 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
ImageMagick-6.8.8.1-71.131 is installed
OR ImageMagick-config-6-SUSE-6.8.8.1-71.131 is installed
OR ImageMagick-config-6-upstream-6.8.8.1-71.131 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-71.131 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-71.131 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
cpp48-4.8.5-31.17 is installed
OR gcc48-4.8.5-31.17 is installed
OR gcc48-32bit-4.8.5-31.17 is installed
OR gcc48-c++-4.8.5-31.17 is installed
OR gcc48-info-4.8.5-31.17 is installed
OR gcc48-locale-4.8.5-31.17 is installed
OR libasan0-4.8.5-31.17 is installed
OR libasan0-32bit-4.8.5-31.17 is installed
OR libstdc++48-devel-4.8.5-31.17 is installed
OR libstdc++48-devel-32bit-4.8.5-31.17 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND python-keystonemiddleware-2.3.1-1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
xen-4.7.6_02-43.36 is installed
OR xen-doc-html-4.7.6_02-43.36 is installed
OR xen-libs-4.7.6_02-43.36 is installed
OR xen-libs-32bit-4.7.6_02-43.36 is installed
OR xen-tools-4.7.6_02-43.36 is installed
OR xen-tools-domU-4.7.6_02-43.36 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
gvim-7.4.326-17.6 is installed
OR vim-7.4.326-17.6 is installed
OR vim-data-7.4.326-17.6 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND python-Werkzeug-0.14.1-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
postgresql96-9.6.15-3.29 is installed
OR postgresql96-contrib-9.6.15-3.29 is installed
OR postgresql96-docs-9.6.15-3.29 is installed
OR postgresql96-libs-9.6.15-3.29 is installed
OR postgresql96-plperl-9.6.15-3.29 is installed
OR postgresql96-plpython-9.6.15-3.29 is installed
OR postgresql96-pltcl-9.6.15-3.29 is installed
OR postgresql96-server-9.6.15-3.29 is installed
|