Security update for ImageMagick
SUSE Security Update: Security update for ImageMagick
This update of ImageMagick fixes multiple security
vulnerabilities that could be exploited by attackers via
specially crafted image files:
* CVE-2012-0259 / CVE-2012-1610: Integer overflow when
processing EXIF directory entries with tags of e.g. format
5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
"number_bytes" and "offset" could lead to memory
corruption. CVE-2012-0248 / CVE-2012-1186: Denial of
service via "profile.c".
* CVE-2012-0260: Denial of service via JPEG restart
markers (excessive CPU consumption).
* CVE-2012-1798: Copying of invalid memory when reading
TIFF EXIF IFD.
Security Issue references:
* CVE-2012-0247
>
* CVE-2012-0248
>
* CVE-2012-1185
>
* CVE-2012-1186
>
* CVE-2012-0259
>
* CVE-2012-0260
>
* CVE-2012-1798
>
* CVE-2012-1610
>
http://support.novell.com/security/cve/CVE-2012-0247.html
http://support.novell.com/security/cve/CVE-2012-0248.html
http://support.novell.com/security/cve/CVE-2012-0259.html
http://support.novell.com/security/cve/CVE-2012-0260.html
http://support.novell.com/security/cve/CVE-2012-1185.html
http://support.novell.com/security/cve/CVE-2012-1186.html
http://support.novell.com/security/cve/CVE-2012-1610.html
http://support.novell.com/security/cve/CVE-2012-1798.html
https://bugzilla.novell.com/746880
https://bugzilla.novell.com/752879
https://bugzilla.novell.com/754749
https://bugzilla.novell.com/758512
http://download.suse.com/patch/finder/?keywords=02ea9cfe762a9d4a9f7250d6f994eb43
| Announcement ID: | SUSE-SU-2012:0763-1 |
| Rating: | moderate |
| References: | #746880 #752879 #754749 #758512 |
| Affected Products: |
An update that fixes 8 vulnerabilities is now available.
Description:
This update of ImageMagick fixes multiple security
vulnerabilities that could be exploited by attackers via
specially crafted image files:
* CVE-2012-0259 / CVE-2012-1610: Integer overflow when
processing EXIF directory entries with tags of e.g. format
5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
"number_bytes" and "offset" could lead to memory
corruption. CVE-2012-0248 / CVE-2012-1186: Denial of
service via "profile.c".
* CVE-2012-0260: Denial of service via JPEG restart
markers (excessive CPU consumption).
* CVE-2012-1798: Copying of invalid memory when reading
TIFF EXIF IFD.
Security Issue references:
* CVE-2012-0247
* CVE-2012-0248
* CVE-2012-1185
* CVE-2012-1186
* CVE-2012-0259
* CVE-2012-0260
* CVE-2012-1798
* CVE-2012-1610
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-ImageMagick-6226 - SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-ImageMagick-6226 - SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-ImageMagick-6226 - SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-ImageMagick-6226 - SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-ImageMagick-6226 - SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-ImageMagick-6226 - SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-ImageMagick-6226
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
- ImageMagick-6.4.3.6-7.24.1
- ImageMagick-devel-6.4.3.6-7.24.1
- libMagick++-devel-6.4.3.6-7.24.1
- libMagick++1-6.4.3.6-7.24.1
- libMagickWand1-6.4.3.6-7.24.1
- perl-PerlMagick-6.4.3.6-7.24.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
- libMagickWand1-32bit-6.4.3.6-7.24.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
- ImageMagick-6.4.3.6-7.24.1
- ImageMagick-devel-6.4.3.6-7.24.1
- libMagick++-devel-6.4.3.6-7.24.1
- libMagick++1-6.4.3.6-7.24.1
- libMagickWand1-6.4.3.6-7.24.1
- perl-PerlMagick-6.4.3.6-7.24.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64):
- libMagickWand1-32bit-6.4.3.6-7.24.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
- libMagickCore1-6.4.3.6-7.24.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
- libMagickCore1-32bit-6.4.3.6-7.24.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
- libMagickCore1-6.4.3.6-7.24.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
- libMagickCore1-32bit-6.4.3.6-7.24.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
- libMagickCore1-6.4.3.6-7.24.1
- SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):
- libMagickCore1-32bit-6.4.3.6-7.24.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
- ImageMagick-6.4.3.6-7.24.1
- libMagick++1-6.4.3.6-7.24.1
- libMagickCore1-6.4.3.6-7.24.1
- libMagickWand1-6.4.3.6-7.24.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
- libMagickCore1-32bit-6.4.3.6-7.24.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
- ImageMagick-6.4.3.6-7.24.1
- libMagick++1-6.4.3.6-7.24.1
- libMagickCore1-6.4.3.6-7.24.1
- libMagickWand1-6.4.3.6-7.24.1
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64):
- libMagickCore1-32bit-6.4.3.6-7.24.1