Oval Definition:oval:org.opensuse.security:def:56617
Revision Date:2020-12-01Version:1
Title:Security update for ImageMagick (Moderate)
Description:

This update for ImageMagick fixes the following security issues:

- CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129) - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989)

This update also relaxes the restrictions of use of Postscript like formats to 'write' only. (bsc#1105592)
Family:unixClass:patch
Status:Reference(s):1013882
1031702
1037396
1040039
1040662
1041764
1047184
1049423
1050129
1052448
1052449
1052466
1053431
1065083
1068565
1073313
1076118
1077732
1082216
1082233
1082234
1096718
1101676
1101677
1101678
1103342
1105592
1106989
1107604
1107609
1107612
1107616
1107619
1108282
1108283
1111622
1112368
1112397
1112417
1112421
1112432
1112758
1116686
1117740
1118754
1131886
1132666
1136037
1141780
1141782
1141783
1141785
1141789
1147021
930077
930078
930079
937419
952254
960402
963937
967970
975500
CVE-2013-1988
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-5041
CVE-2015-5310
CVE-2015-7575
CVE-2015-7981
CVE-2015-8041
CVE-2015-8126
CVE-2015-8472
CVE-2015-8540
CVE-2016-0402
CVE-2016-0448
CVE-2016-0466
CVE-2016-0483
CVE-2016-0494
CVE-2016-0753
CVE-2016-2533
CVE-2016-4009
CVE-2016-9843
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10115
CVE-2017-10116
CVE-2017-10125
CVE-2017-10243
CVE-2017-11423
CVE-2017-11532
CVE-2017-12374
CVE-2017-12375
CVE-2017-12376
CVE-2017-12377
CVE-2017-12378
CVE-2017-12379
CVE-2017-12380
CVE-2017-17740
CVE-2017-3145
CVE-2017-6418
CVE-2017-6419
CVE-2017-6420
CVE-2017-9287
CVE-2018-12015
CVE-2018-16413
CVE-2018-16640
CVE-2018-16642
CVE-2018-16643
CVE-2018-16644
CVE-2018-16645
CVE-2018-16749
CVE-2018-16750
CVE-2018-16839
CVE-2018-18074
CVE-2018-19622
CVE-2018-19623
CVE-2018-19624
CVE-2018-19625
CVE-2018-19626
CVE-2018-19627
CVE-2018-3058
CVE-2018-3063
CVE-2018-3064
CVE-2018-3066
CVE-2018-3143
CVE-2018-3156
CVE-2018-3174
CVE-2018-3251
CVE-2018-3282
CVE-2018-6797
CVE-2018-6798
CVE-2018-6913
CVE-2019-11771
CVE-2019-11775
CVE-2019-2529
CVE-2019-2537
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2816
CVE-2019-4473
CVE-2019-7317
SUSE-SU-2016:0401-1
SUSE-SU-2016:2305-1
SUSE-SU-2017:2263-1
SUSE-SU-2018:0255-1
SUSE-SU-2018:0303-1
SUSE-SU-2018:1972-1
SUSE-SU-2018:3095-1
SUSE-SU-2018:4298-1
SUSE-SU-2019:0996-1
SUSE-SU-2019:2027-1
SUSE-SU-2019:2048-1
SUSE-SU-2019:2334-1
SUSE-SU-2019:2336-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • ft2demos-2.9-lp150.2 is installed
  • OR ftbench-2.9-lp150.2 is installed
  • OR ftdiff-2.9-lp150.2 is installed
  • OR ftdump-2.9-lp150.2 is installed
  • OR ftgamma-2.9-lp150.2 is installed
  • OR ftgrid-2.9-lp150.2 is installed
  • OR ftinspect-2.9-lp150.2 is installed
  • OR ftlint-2.9-lp150.2 is installed
  • OR ftmulti-2.9-lp150.2 is installed
  • OR ftstring-2.9-lp150.2 is installed
  • OR ftvalid-2.9-lp150.2 is installed
  • OR ftview-2.9-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • gnome-shell-3.26.2+20180130.0d9c74212-lp151.7.3 is installed
  • OR gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-lp151.7.3 is installed
  • OR gnome-shell-calendar-3.26.2+20180130.0d9c74212-lp151.7.3 is installed
  • OR gnome-shell-devel-3.26.2+20180130.0d9c74212-lp151.7.3 is installed
  • OR gnome-shell-lang-3.26.2+20180130.0d9c74212-lp151.7.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.79 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-71.79 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.79 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.79 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.79 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND wpa_supplicant-2.2-14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr4.10-30.5 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libXRes1-1.0.7-3 is installed
  • OR libXRes1-32bit-1.0.7-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.35-38.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • gnutls-3.2.15-18.6 is installed
  • OR libgnutls-openssl27-3.2.15-18.6 is installed
  • OR libgnutls28-3.2.15-18.6 is installed
  • OR libgnutls28-32bit-3.2.15-18.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_120-92_70-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_20-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • cvs-1.12.12-181 is installed
  • OR cvs-doc-1.12.12-181 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • krb5-appl-1.0.3-3.3 is installed
  • OR krb5-appl-clients-1.0.3-3.3 is installed
  • OR krb5-appl-servers-1.0.3-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • bind-9.9.9P1-63.17 is installed
  • OR bind-chrootenv-9.9.9P1-63.17 is installed
  • OR bind-doc-9.9.9P1-63.17 is installed
  • OR bind-libs-9.9.9P1-63.17 is installed
  • OR bind-libs-32bit-9.9.9P1-63.17 is installed
  • OR bind-utils-9.9.9P1-63.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • bluez-5.13-5.4 is installed
  • OR libbluetooth3-5.13-5.4 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-activemodel-4_2-4.2.2-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • perl-5.18.2-12.14 is installed
  • OR perl-32bit-5.18.2-12.14 is installed
  • OR perl-base-5.18.2-12.14 is installed
  • OR perl-doc-5.18.2-12.14 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41 is installed
    • BACK