Security update for ImageMagick

SUSE Security Update: Security update for ImageMagick

Announcement ID:	SUSE-SU-2017:2199-1
Rating:	important
References:	#1042812 #1042826 #1043289 #1049072
Affected Products:	SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2

An update that fixes four vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:
- CVE-2017-9439: A memory leak was found in the function ReadPDBImage
incoders/pdb.c (bsc#1042826)
- CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin
coders/psd.c (bsc#1042812)
- CVE-2017-9501: An assertion failure could cause a denial of service via
a crafted file (bsc#1043289)
- CVE-2017-11403: ReadMNGImage function in coders/png.c has an
out-of-order CloseBlob call, resulting in a use-after-free via acrafted
file (bsc#1049072)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1343=1
SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1343=1
SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1343=1
SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1343=1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1343=1
SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1343=1
SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1343=1
SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1343=1
SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1343=1

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
- ImageMagick-6.8.8.1-71.5.3
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
- ImageMagick-6.8.8.1-71.5.3
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3
SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
- ImageMagick-6.8.8.1-71.5.3
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- ImageMagick-devel-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
- libMagick++-devel-6.8.8.1-71.5.3
- perl-PerlMagick-6.8.8.1-71.5.3
- perl-PerlMagick-debuginfo-6.8.8.1-71.5.3
SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
- ImageMagick-6.8.8.1-71.5.3
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- ImageMagick-devel-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
- libMagick++-devel-6.8.8.1-71.5.3
- perl-PerlMagick-6.8.8.1-71.5.3
- perl-PerlMagick-debuginfo-6.8.8.1-71.5.3
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3
SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3
SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
- ImageMagick-6.8.8.1-71.5.3
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3
SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
- ImageMagick-6.8.8.1-71.5.3
- ImageMagick-debuginfo-6.8.8.1-71.5.3
- ImageMagick-debugsource-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-6.8.8.1-71.5.3
- libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3
- libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-6.8.8.1-71.5.3
- libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3

Security update for ImageMagick

Description:

Patch Instructions:

Package List:

References:

Business-Critical Linux

Enterprise Container Management

Edge

Soluções

Industries

Ofertas de suporte

Serviços globais da SUSE

Recursos de suporte

Parceiros

Communities

Sobre