Oval Definition:oval:org.opensuse.security:def:56350
Revision Date:2020-12-01Version:1
Title:Security update for ImageMagick (Moderate)
Description:

This update for ImageMagick fixes several issues.

These security issues were fixed:

- CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in coders/psd.c, which allowed attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file (bsc#1072901). - CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed attackers to cause a denial of service via a PWP file (bsc#1074309). - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635) - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098) - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353). - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354). - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908). - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037). - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072). - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100). - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442). - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470). - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708). - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717). - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721). - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768). - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777). - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781). - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600). - CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file (bsc#1055068). - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374). - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455). - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456). - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000). - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162). - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752). - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362). - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120). - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125). - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185).
Family:unixClass:patch
Status:Reference(s):1043353
1043354
1047908
1048715
1050037
1050072
1050098
1050100
1050635
1051442
1052311
1052368
1052470
1052708
1052717
1052721
1052768
1052777
1052781
1054600
1055068
1055374
1055455
1055456
1057000
1060162
1062752
1072362
1072901
1074120
1074125
1074185
1074309
1075939
1076021
1076051
1083125
1085447
1090368
1090646
1107832
1108963
1110233
1149496
1158675
1165402
1172175
1172176
963041
983273
CVE-2007-3999
CVE-2010-2761
CVE-2010-4410
CVE-2010-4411
CVE-2010-4777
CVE-2011-0421
CVE-2012-1162
CVE-2012-1163
CVE-2012-2451
CVE-2013-0240
CVE-2013-1799
CVE-2015-0247
CVE-2015-1572
CVE-2015-2331
CVE-2015-5185
CVE-2015-8370
CVE-2015-8853
CVE-2015-8899
CVE-2016-1238
CVE-2016-2381
CVE-2016-6185
CVE-2017-1000112
CVE-2017-10995
CVE-2017-11505
CVE-2017-11525
CVE-2017-11526
CVE-2017-11539
CVE-2017-11639
CVE-2017-11750
CVE-2017-12565
CVE-2017-12640
CVE-2017-12641
CVE-2017-12643
CVE-2017-12671
CVE-2017-12673
CVE-2017-12676
CVE-2017-12935
CVE-2017-13059
CVE-2017-13141
CVE-2017-13142
CVE-2017-13147
CVE-2017-13166
CVE-2017-14103
CVE-2017-14649
CVE-2017-15218
CVE-2017-17504
CVE-2017-17681
CVE-2017-17879
CVE-2017-17884
CVE-2017-17914
CVE-2017-18008
CVE-2017-18027
CVE-2017-18029
CVE-2017-3308
CVE-2017-3309
CVE-2017-3453
CVE-2017-3456
CVE-2017-3464
CVE-2017-9261
CVE-2017-9262
CVE-2018-14633
CVE-2018-14634
CVE-2018-17182
CVE-2018-5246
CVE-2018-5685
CVE-2018-8781
CVE-2018-8897
CVE-2019-16770
CVE-2019-5482
CVE-2020-11076
CVE-2020-11077
CVE-2020-5247
SUSE-SU-2016:3269-1
SUSE-SU-2017:2035-1
SUSE-SU-2017:2442-1
SUSE-SU-2018:0349-1
SUSE-SU-2018:1537-1
SUSE-SU-2019:2339-2
SUSE-SU-2020:2060-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 6-LTSS
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • dbus-1-glib-0.108-lp150.1 is installed
  • OR dbus-1-glib-tool-0.108-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND teeworlds-0.7.3.1-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.33 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-71.33 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.33 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libmysqlclient18-10.0.31-29.3 is installed
  • OR libmysqlclient18-32bit-10.0.31-29.3 is installed
  • OR libmysqlclient_r18-10.0.31-29.3 is installed
  • OR libmysqlclient_r18-32bit-10.0.31-29.3 is installed
  • OR mariadb-10.0.31-29.3 is installed
  • OR mariadb-client-10.0.31-29.3 is installed
  • OR mariadb-errormessages-10.0.31-29.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • e2fsprogs-1.42.11-7 is installed
  • OR libcom_err2-1.42.11-7 is installed
  • OR libcom_err2-32bit-1.42.11-7 is installed
  • OR libext2fs2-1.42.11-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_35-default-5-2 is installed
  • OR kgraft-patch-3_12_69-60_64_35-xen-5-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_14-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • grub2-2.02~beta2-104 is installed
  • OR grub2-arm64-efi-2.02~beta2-104 is installed
  • OR grub2-i386-pc-2.02~beta2-104 is installed
  • OR grub2-powerpc-ieee1275-2.02~beta2-104 is installed
  • OR grub2-s390x-emu-2.02~beta2-104 is installed
  • OR grub2-snapper-plugin-2.02~beta2-104 is installed
  • OR grub2-systemd-sleep-plugin-2.02~beta2-104 is installed
  • OR grub2-x86_64-efi-2.02~beta2-104 is installed
  • OR grub2-x86_64-xen-2.02~beta2-104 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • res-signingkeys-3.0.37-52.23 is installed
  • OR smt-3.0.37-52.23 is installed
  • OR smt-support-3.0.37-52.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • apache2-2.4.23-29.18 is installed
  • OR apache2-doc-2.4.23-29.18 is installed
  • OR apache2-example-pages-2.4.23-29.18 is installed
  • OR apache2-prefork-2.4.23-29.18 is installed
  • OR apache2-utils-2.4.23-29.18 is installed
  • OR apache2-worker-2.4.23-29.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_80-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_22-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND autofs-5.0.9-27 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND gdb-8.3.1-2.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • perl-5.18.2-12.20 is installed
  • OR perl-32bit-5.18.2-12.20 is installed
  • OR perl-base-5.18.2-12.20 is installed
  • OR perl-doc-5.18.2-12.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • evince-3.20.2-6.22 is installed
  • OR evince-browser-plugin-3.20.2-6.22 is installed
  • OR evince-lang-3.20.2-6.22 is installed
  • OR evince-plugin-djvudocument-3.20.2-6.22 is installed
  • OR evince-plugin-dvidocument-3.20.2-6.22 is installed
  • OR evince-plugin-pdfdocument-3.20.2-6.22 is installed
  • OR evince-plugin-psdocument-3.20.2-6.22 is installed
  • OR evince-plugin-tiffdocument-3.20.2-6.22 is installed
  • OR evince-plugin-xpsdocument-3.20.2-6.22 is installed
  • OR libevdocument3-4-3.20.2-6.22 is installed
  • OR libevview3-3-3.20.2-6.22 is installed
  • OR nautilus-evince-3.20.2-6.22 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • dnsmasq-2.71-13 is installed
  • OR dnsmasq-utils-2.71-13 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6-LTSS is installed
  • AND Package Information
  • ruby2.1-rubygem-puma-2.16.0-4.3 is installed
  • OR rubygem-puma-2.16.0-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libsystemd0-228-150.53 is installed
  • OR libsystemd0-32bit-228-150.53 is installed
  • OR libudev1-228-150.53 is installed
  • OR libudev1-32bit-228-150.53 is installed
  • OR systemd-228-150.53 is installed
  • OR systemd-32bit-228-150.53 is installed
  • OR systemd-bash-completion-228-150.53 is installed
  • OR systemd-sysvinit-228-150.53 is installed
  • OR udev-228-150.53 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-requests-2.20.1-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
  • OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1571412352.8da4d261f-3.13 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1571412352.8da4d261f-3.13 is installed
  • OR crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13 is installed
  • OR grafana-6.2.5-3.9 is installed
  • OR openstack-cinder-13.0.8~dev8-3.13 is installed
  • OR openstack-cinder-api-13.0.8~dev8-3.13 is installed
  • OR openstack-cinder-backup-13.0.8~dev8-3.13 is installed
  • OR openstack-cinder-scheduler-13.0.8~dev8-3.13 is installed
  • OR openstack-cinder-volume-13.0.8~dev8-3.13 is installed
  • OR openstack-dashboard-14.0.5~dev1-3.9 is installed
  • OR openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3 is installed
  • OR openstack-keystone-14.1.1~dev26-3.13 is installed
  • OR openstack-manila-7.3.1~dev15-4.13 is installed
  • OR openstack-manila-api-7.3.1~dev15-4.13 is installed
  • OR openstack-manila-data-7.3.1~dev15-4.13 is installed
  • OR openstack-manila-scheduler-7.3.1~dev15-4.13 is installed
  • OR openstack-manila-share-7.3.1~dev15-4.13 is installed
  • OR openstack-neutron-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-dhcp-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-fwaas-13.0.3~dev2-3.6 is installed
  • OR openstack-neutron-ha-tool-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-l3-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-lbaas-13.0.1~dev15-3.10 is installed
  • OR openstack-neutron-lbaas-agent-13.0.1~dev15-3.10 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-macvtap-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-metadata-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-metering-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13 is installed
  • OR openstack-neutron-server-13.0.6~dev3-3.13 is installed
  • OR openstack-nova-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-api-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-cells-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-compute-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-conductor-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-console-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-novncproxy-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-placement-api-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-scheduler-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-serialproxy-18.2.4~dev18-3.13 is installed
  • OR openstack-nova-vncproxy-18.2.4~dev18-3.13 is installed
  • OR openstack-octavia-3.2.1~dev1-3.13 is installed
  • OR openstack-octavia-amphora-agent-3.2.1~dev1-3.13 is installed
  • OR openstack-octavia-amphora-image-0.1.1-7.3 is installed
  • OR openstack-octavia-amphora-image-x86_64-0.1.1-7.3 is installed
  • OR openstack-octavia-api-3.2.1~dev1-3.13 is installed
  • OR openstack-octavia-health-manager-3.2.1~dev1-3.13 is installed
  • OR openstack-octavia-housekeeping-3.2.1~dev1-3.13 is installed
  • OR openstack-octavia-worker-3.2.1~dev1-3.13 is installed
  • OR python-Django1-1.11.24-3.12 is installed
  • OR python-cinder-13.0.8~dev8-3.13 is installed
  • OR python-horizon-14.0.5~dev1-3.9 is installed
  • OR python-horizon-plugin-manila-ui-2.16.2~dev2-3.3 is installed
  • OR python-keystone-14.1.1~dev26-3.13 is installed
  • OR python-keystonemiddleware-5.2.1-11 is installed
  • OR python-manila-7.3.1~dev15-4.13 is installed
  • OR python-neutron-13.0.6~dev3-3.13 is installed
  • OR python-neutron-fwaas-13.0.3~dev2-3.6 is installed
  • OR python-neutron-lbaas-13.0.1~dev15-3.10 is installed
  • OR python-nova-18.2.4~dev18-3.13 is installed
  • OR python-octavia-3.2.1~dev1-3.13 is installed
  • OR python-octaviaclient-1.6.1-3.3 is installed
  • OR python-openstack_auth-14.0.5~dev1-3.9 is installed
  • OR python-os-brick-2.5.8-3.6 is installed
  • OR python-os-brick-common-2.5.8-3.6 is installed
  • OR python-oslo.cache-1.30.4-3.3 is installed
  • OR python-oslo.messaging-8.1.4-3.3 is installed
    • BACK