Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2811-1 Final 1 1 2018-09-24T06:07:27Z current 2018-09-24T06:07:27Z 2018-09-24T06:07:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html E-Mail link for openSUSE-SU-2018:2811-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 ImageMagick-6.8.8.1-67.1 ImageMagick-devel-6.8.8.1-67.1 ImageMagick-devel-32bit-6.8.8.1-67.1 ImageMagick-doc-6.8.8.1-67.1 ImageMagick-extra-6.8.8.1-67.1 libMagick++-6_Q16-3-6.8.8.1-67.1 libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 libMagick++-devel-6.8.8.1-67.1 libMagick++-devel-32bit-6.8.8.1-67.1 libMagickCore-6_Q16-1-6.8.8.1-67.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 libMagickWand-6_Q16-1-6.8.8.1-67.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 perl-PerlMagick-6.8.8.1-67.1 ImageMagick-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 ImageMagick-devel-32bit-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 ImageMagick-doc-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 ImageMagick-extra-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagick++-devel-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagick++-devel-32bit-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 perl-PerlMagick-6.8.8.1-67.1 as a component of openSUSE Leap 42.3 ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. CVE-2018-14434 openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-67.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html https://www.suse.com/security/cve/CVE-2018-14434.html CVE-2018-14434 https://bugzilla.suse.com/1102003 SUSE Bug 1102003 ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. CVE-2018-14435 openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-67.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html https://www.suse.com/security/cve/CVE-2018-14435.html CVE-2018-14435 https://bugzilla.suse.com/1102007 SUSE Bug 1102007 ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. CVE-2018-14436 openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-67.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html https://www.suse.com/security/cve/CVE-2018-14436.html CVE-2018-14436 https://bugzilla.suse.com/1102005 SUSE Bug 1102005 ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. CVE-2018-14437 openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-67.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html https://www.suse.com/security/cve/CVE-2018-14437.html CVE-2018-14437 https://bugzilla.suse.com/1102004 SUSE Bug 1102004 ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. CVE-2018-16323 openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-67.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html https://www.suse.com/security/cve/CVE-2018-16323.html CVE-2018-16323 https://bugzilla.suse.com/1106855 SUSE Bug 1106855 In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. CVE-2018-16329 openSUSE Leap 42.3:ImageMagick-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-devel-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-doc-6.8.8.1-67.1 openSUSE Leap 42.3:ImageMagick-extra-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-6_Q16-3-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagick++-devel-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickCore-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-32bit-6.8.8.1-67.1 openSUSE Leap 42.3:libMagickWand-6_Q16-1-6.8.8.1-67.1 openSUSE Leap 42.3:perl-PerlMagick-6.8.8.1-67.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00062.html https://www.suse.com/security/cve/CVE-2018-16329.html CVE-2018-16329 https://bugzilla.suse.com/1106858 SUSE Bug 1106858