Security update for ImageMagick

SUSE Security Update: Security update for ImageMagick
Announcement ID: SUSE-SU-2018:0350-1
Rating: moderate
References: #1043353 #1043354 #1047908 #1050037 #1050072 #1050098 #1050100 #1050635 #1051442 #1052470 #1052708 #1052717 #1052721 #1052768 #1052777 #1052781 #1054600 #1055374 #1055455 #1055456 #1057000 #1060162 #1062752 #1072362 #1074120 #1074125 #1074185 #1074309 #1075939 #1076021 #1076051
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11-SP4
  • SUSE Linux Enterprise Server 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP4
    		•

    An update that solves 30 vulnerabilities and has one errata is now available.

    Description:

    This update for ImageMagick fixes several issues.

    These security issues were fixed:

    - CVE-2018-5685: Prevent infinite loop and application hang in the
    ReadBMPImage function. Remote attackers could leverage this
    vulnerability to cause a denial
    of service via an image file with a crafted bit-field mask value
    (bsc#1075939)
    - CVE-2017-11639: Prevent heap-based buffer over-read in the
    WriteCIPImage() function, related to the GetPixelLuma function in
    MagickCore/pixel-accessor.h (bsc#1050635).
    - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function
    that allowed remote attackers to cause a denial of service (bsc#1050098).
    - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
    attackers to cause a denial of service (memory leak) via a crafted file
    (bsc#1043353)
    - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
    attackers to cause a denial of service (memory leak) via a crafted file
    (bsc#1043354)
    - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote
    attackers to cause a denial of service (heap-based buffer over-read and
    application crash) via a crafted MNG image (bsc#1047908)
    - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in
    coders/png.c (bsc#1050037)
    - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed
    remote attackers to cause a denial of service (large loop and CPU
    consumption) via a crafted file (bsc#1050072)
    - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed
    remote attackers to cause a denial of service (large loop and CPU
    consumption) via a crafted file (bsc#1050100)
    - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
    remote attackers to cause a denial of service (NULL pointer dereference)
    via a crafted file (bsc#1051442)
    - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (bsc#1052470)
    - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (bsc#1052708)
    - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (bsc#1052717)
    - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an
    invalid free in the function RelinquishMagickMemory in
    MagickCore/memory.c, which allowed attackers to cause a denial of
    service (bsc#1052721)
    - CVE-2017-12643: Prevent a memory exhaustion vulnerability in
    ReadOneJNGImage in coders\png.c (bsc#1052768)
    - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
    in coders\png.c (bsc#1052777)
    - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in
    ReadOneMNGImage in coders/png.c (bsc#1052781)
    - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
    large MNG images, leading to an invalid memory read in the
    SetImageColorCallBack function in magick/image.c (bsc#1054600)
    - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
    in coders/png.c when a small MNG file has a MEND chunk with a large
    length value (bsc#1055374)
    - CVE-2017-13142: Added additional checks for short files to prevent a
    crafted PNG file from triggering a crash (bsc#1055455)
    - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c
    (bsc#1055456)
    - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
    coders/png.c did not properly manage image pointers after certain error
    conditions, which allowed remote attackers to conduct use-after-free
    attacks via a crafted file, related to a ReadMNGImage out-of-order
    CloseBlob call (bsc#1057000)
    - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly
    validate JNG data, leading to a denial of service (assertion failure in
    magick/pixel_cache.c, and application crash) (bsc#1060162)
    - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
    (bsc#1062752)
    - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file
    in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362)
    - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage
    in coders/png.c, related to length calculation and caused by an
    off-by-one error (bsc#1074125)
    - CVE-2017-17914: Prevent crafted files to cause a large loop in
    ReadOneMNGImage (bsc#1074185)
    - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in
    coders/png.c, which allowed attackers to cause a denial of service via a
    crafted PNG image file (bsc#1074120)
    - Prevent memory leak in svg.c, which allowed attackers to cause a denial
    of service via a crafted SVG image file (bsc#1074120)
    - Prevent small memory leak when processing PWP image files (bsc#1074309)
    - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which
    allowed remote attackers to cause a denial of service via a crafted file
    (bsc#1076021)
    - CVE-2017-18027: Prevent memory leak vulnerability in the function
    ReadMATImage which allowed remote attackers to cause a denial of service
    via a crafted file (bsc#1076051)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-ImageMagick-13453=1
    • SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-ImageMagick-13453=1
    • SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-ImageMagick-13453=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • ImageMagick-6.4.3.6-7.78.29.2
      • ImageMagick-devel-6.4.3.6-7.78.29.2
      • libMagick++-devel-6.4.3.6-7.78.29.2
      • libMagick++1-6.4.3.6-7.78.29.2
      • libMagickWand1-6.4.3.6-7.78.29.2
      • perl-PerlMagick-6.4.3.6-7.78.29.2
    • SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      • libMagickWand1-32bit-6.4.3.6-7.78.29.2
    • SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • libMagickCore1-6.4.3.6-7.78.29.2
    • SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      • libMagickCore1-32bit-6.4.3.6-7.78.29.2
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • ImageMagick-debuginfo-6.4.3.6-7.78.29.2
      • ImageMagick-debugsource-6.4.3.6-7.78.29.2

    References: