Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for ImageMagick (Important) |
Description: |
This update for ImageMagick fixes the following issues:
- security update (xcf.c):
  * CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file.
  * CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. [bsc#1058422]
- security update (pnm.c):
  * CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and could lead to remote denial of service. [bsc#1056550]
- security update (psd.c):
  * CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. [bsc#1063049]
  * CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063]
  * CVE-2017-12563: A memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. [bsc#1052460]
  * CVE-2017-14174: The lack of an EOF (end-of-file) check in ReadPSDLayersInternal could cause huge CPU consumption: when a crafted PSD file that claims a large 'length' field in the header but does not contain sufficient backing data is provided, the loop over 'length' consumes huge CPU resources, since there is no EOF check inside the loop. [bsc#1057723]
- security update (meta.c):
  * CVE-2017-13062: A memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. [bsc#1055053]
- security update (gif.c):
  * CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. [bsc#1063050]
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1038231 1051684 1051685 1052460 1053259 1055053 1055063 1056550 1057723 1058422 1062538 1063049 1063050 1067844 1092548 1102682 1103203 1105323 1115375 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-0163 CVE-2009-0368 CVE-2009-2285 CVE-2009-2347 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-2941 CVE-2010-3609 CVE-2010-4523 CVE-2010-4665 CVE-2011-0020 CVE-2011-0064 CVE-2011-0192 CVE-2011-1167 CVE-2011-1709 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2012-5134 CVE-2012-5519 CVE-2012-6094 CVE-2013-0211 CVE-2013-0262 CVE-2013-0263 CVE-2013-0269 CVE-2013-0276 CVE-2013-0277 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 CVE-2015-1547 CVE-2015-2304 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-3186 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 CVE-2016-6354 CVE-2017-12172 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15098 CVE-2017-15277 CVE-2017-15281 CVE-2017-7494 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2018-10902 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5390 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 SUSE-SU-2017:1392-1 SUSE-SU-2017:2355-1 SUSE-SU-2018:0017-1 SUSE-SU-2018:0081-1 SUSE-SU-2019:2036-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND chrony-3.2-lp150.5 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libjavascriptcoregtk-4_0-18-2.24.2-lp151.2.3 is installed
OR libjavascriptcoregtk-4_0-18-32bit-2.24.2-lp151.2.3 is installed
OR libwebkit2gtk-4_0-37-2.24.2-lp151.2.3 is installed
OR libwebkit2gtk-4_0-37-32bit-2.24.2-lp151.2.3 is installed
OR libwebkit2gtk3-lang-2.24.2-lp151.2.3 is installed
OR typelib-1_0-JavaScriptCore-4_0-2.24.2-lp151.2.3 is installed
OR typelib-1_0-WebKit2-4_0-2.24.2-lp151.2.3 is installed
OR typelib-1_0-WebKit2WebExtension-4_0-2.24.2-lp151.2.3 is installed
OR webkit-jsc-4-2.24.2-lp151.2.3 is installed
OR webkit2gtk-4_0-injected-bundles-2.24.2-lp151.2.3 is installed
OR webkit2gtk3-2.24.2-lp151.2.3 is installed
OR webkit2gtk3-devel-2.24.2-lp151.2.3 is installed
OR webkit2gtk3-minibrowser-2.24.2-lp151.2.3 is installed
OR webkit2gtk3-plugin-process-gtk2-2.24.2-lp151.2.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
ImageMagick-6.8.8.1-71.20 is installed
OR libMagick++-6_Q16-3-6.8.8.1-71.20 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-71.20 is installed
OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.20 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-71.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
cups-1.7.5-9 is installed
OR cups-client-1.7.5-9 is installed
OR cups-libs-1.7.5-9 is installed
OR cups-libs-32bit-1.7.5-9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
postgresql94-9.4.13-21.5 is installed
OR postgresql94-contrib-9.4.13-21.5 is installed
OR postgresql94-docs-9.4.13-21.5 is installed
OR postgresql94-server-9.4.13-21.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
gdm-3.10.0.1-52 is installed
OR gdm-lang-3.10.0.1-52 is installed
OR gdmflexiserver-3.10.0.1-52 is installed
OR libgdm1-3.10.0.1-52 is installed
OR typelib-1_0-Gdm-1_0-3.10.0.1-52 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libdcerpc-atsvc0-4.2.4-28.29 is installed
OR samba-4.2.4-28.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr5.25-30.39 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39 is installed
OR java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
ntp-4.2.8p11-64.5 is installed
OR ntp-doc-4.2.8p11-64.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
alsa-1.0.27.2-15 is installed
OR alsa-docs-1.0.27.2-15 is installed
OR libasound2-1.0.27.2-15 is installed
OR libasound2-32bit-1.0.27.2-15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
nfs-client-1.3.0-34.22 is installed
OR nfs-doc-1.3.0-34.22 is installed
OR nfs-kernel-server-1.3.0-34.22 is installed
OR nfs-utils-1.3.0-34.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libgcrypt-1.6.1-16.68 is installed
OR libgcrypt20-1.6.1-16.68 is installed
OR libgcrypt20-32bit-1.6.1-16.68 is installed
OR libgcrypt20-hmac-1.6.1-16.68 is installed
OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
dbus-1-glib-0.100.2-3 is installed
OR dbus-1-glib-32bit-0.100.2-3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
ruby2.1-rubygem-chef-10.32.2-3 is installed
OR ruby2.1-rubygem-chef-expander-10.32.2-1 is installed
OR ruby2.1-rubygem-chef-server-10.32.2-1 is installed
OR ruby2.1-rubygem-chef-server-api-10.32.2-4 is installed
OR ruby2.1-rubygem-chef-solr-10.32.2-1 is installed
OR rubygem-chef-10.32.2-3 is installed
OR rubygem-chef-expander-10.32.2-1 is installed
OR rubygem-chef-server-api-10.32.2-4 is installed
OR rubygem-chef-solr-10.32.2-1 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
libecpg6-10.5-1.3 is installed
OR libpq5-10.5-1.3 is installed
OR libpq5-32bit-10.5-1.3 is installed
OR postgresql-init-10-17.20 is installed
OR postgresql10-10.5-1.3 is installed
OR postgresql10-contrib-10.5-1.3 is installed
OR postgresql10-docs-10.5-1.3 is installed
OR postgresql10-libs-10.5-1.3 is installed
OR postgresql10-server-10.5-1.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND python-requests-2.20.1-4.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
libpython3_4m1_0-3.4.6-25.29 is installed
OR python3-3.4.6-25.29 is installed
OR python3-base-3.4.6-25.29 is installed
OR python3-curses-3.4.6-25.29 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-requests-2.20.1-4.3 is installed
|