Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for ImageMagick (Moderate) |
Description: |
This update for ImageMagick fixes several issues.
These security issues were fixed:
- CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011).
- CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087).
- CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628).
- CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634).
- CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290).
- CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382).
- CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170).
- CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168).
- CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630).
- CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434).
- CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735).
- CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837).
- CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792).
- CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291).
- CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283).
- CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362).
- CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1024130 1043290 1050087 1051684 1051685 1053259 1056434 1058630 1059735 1060382 1066168 1066170 1082283 1082291 1082348 1082362 1082792 1082837 1083628 1083634 1086011 1092548 1112758 1120489 1120498 1120499 1120500 1120515 1120516 1120517 1131886 1137443 1143194 1143273 1170771 1172031 1172225 1172402 865241 949160 960319 992537 CVE-2011-1018 CVE-2012-4453 CVE-2015-7555 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 CVE-2017-11524 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14505 CVE-2017-14739 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18209 CVE-2017-18211 CVE-2017-3135 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2017-9500 CVE-2018-16839 CVE-2018-20217 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 CVE-2019-12735 CVE-2019-13057 CVE-2019-13565 CVE-2019-20807 CVE-2020-12243 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 SUSE-SU-2016:0202-1 SUSE-SU-2016:2726-1 SUSE-SU-2017:0596-1 SUSE-SU-2017:2355-1 SUSE-SU-2018:0857-1 SUSE-SU-2019:0113-1 SUSE-SU-2019:0127-1 SUSE-SU-2019:0996-1 SUSE-SU-2019:1456-1 SUSE-SU-2020:1210-1 SUSE-SU-2020:1550-1 SUSE-SU-2020:1563-1 SUSE-SU-403
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
cyrus-sasl-2.1.26-lp150.3 is installed
OR cyrus-sasl-32bit-2.1.26-lp150.3 is installed
OR cyrus-sasl-crammd5-2.1.26-lp150.3 is installed
OR cyrus-sasl-crammd5-32bit-2.1.26-lp150.3 is installed
OR cyrus-sasl-digestmd5-2.1.26-lp150.3 is installed
OR cyrus-sasl-digestmd5-32bit-2.1.26-lp150.3 is installed
OR cyrus-sasl-gssapi-2.1.26-lp150.3 is installed
OR cyrus-sasl-gssapi-32bit-2.1.26-lp150.3 is installed
OR cyrus-sasl-plain-2.1.26-lp150.3 is installed
OR cyrus-sasl-plain-32bit-2.1.26-lp150.3 is installed
OR libsasl2-3-2.1.26-lp150.3 is installed
OR libsasl2-3-32bit-2.1.26-lp150.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
gpg2-2.2.5-lp151.6.3 is installed
OR gpg2-lang-2.2.5-lp151.6.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 NonFree is installed
AND opera-63.0.3368.66-lp151.2.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
ImageMagick-6.8.8.1-71.47 is installed
OR libMagick++-6_Q16-3-6.8.8.1-71.47 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-71.47 is installed
OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-71.47 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
giflib-5.0.5-7 is installed
OR giflib-progs-5.0.5-7 is installed
OR libgif6-5.0.5-7 is installed
OR libgif6-32bit-5.0.5-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
postgresql94-9.4.13-21.5 is installed
OR postgresql94-contrib-9.4.13-21.5 is installed
OR postgresql94-docs-9.4.13-21.5 is installed
OR postgresql94-server-9.4.13-21.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
dracut-044-87 is installed
OR dracut-fips-044-87 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed
OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
libzypp-16.17.20-27.52 is installed
OR zypper-1.13.45-18.33 is installed
OR zypper-log-1.13.45-18.33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_103-92_53-default-8-2 is installed
OR kgraft-patch-SLE12-SP2_Update_16-8-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
dracut-044-113 is installed
OR dracut-fips-044-113 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
ceph-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR ceph-common-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR libcephfs2-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR librados2-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR libradosstriper1-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR librbd1-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR librgw2-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR python-cephfs-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR python-rados-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR python-rbd-12.2.12+git.1587570958.35d78d0243-2.45 is installed
OR python-rgw-12.2.12+git.1587570958.35d78d0243-2.45 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_156-94_64-default-8-2 is installed
OR kgraft-patch-SLE12-SP3_Update_20-8-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND permissions-2015.09.28.1626-17.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
libXpm4-3.5.11-5 is installed
OR libXpm4-32bit-3.5.11-5 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
MozillaFirefox-52.8.0esr-109.31 is installed
OR MozillaFirefox-devel-52.8.0esr-109.31 is installed
OR MozillaFirefox-translations-52.8.0esr-109.31 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
gvim-7.4.326-17.3 is installed
OR vim-7.4.326-17.3 is installed
OR vim-data-7.4.326-17.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
pdns-4.1.2-3.3 is installed
OR pdns-backend-mysql-4.1.2-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
ghostscript-9.52-23.39 is installed
OR ghostscript-x11-9.52-23.39 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND Package Information
mariadb-10.2.32-3.28 is installed
OR mariadb-galera-10.2.32-3.28 is installed
|