Security update for ImageMagick

SUSE Security Update: Security update for ImageMagick
Announcement ID: SUSE-SU-2018:0349-1
Rating: moderate
References: #1043353 #1043354 #1047908 #1050037 #1050072 #1050098 #1050100 #1050635 #1051442 #1052470 #1052708 #1052717 #1052721 #1052768 #1052777 #1052781 #1054600 #1055068 #1055374 #1055455 #1055456 #1057000 #1060162 #1062752 #1072362 #1072901 #1074120 #1074125 #1074185 #1074309 #1075939 #1076021 #1076051
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP3
  • SUSE Linux Enterprise Workstation Extension 12-SP2
  • SUSE Linux Enterprise Software Development Kit 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12-SP2
  • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Server 12-SP3
  • SUSE Linux Enterprise Server 12-SP2
  • SUSE Linux Enterprise Desktop 12-SP3
  • SUSE Linux Enterprise Desktop 12-SP2

  • An update that fixes 34 vulnerabilities is now available.

    Description:

    This update for ImageMagick fixes several issues.

    These security issues were fixed:

    - CVE-2017-18027: Prevent memory leak vulnerability in the function
    ReadMATImage which allowed remote attackers to cause a denial of service
    via a crafted file (bsc#1076051)
    - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which
    allowed remote attackers to cause a denial of service via a crafted file
    (bsc#1076021)
    - CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip
    in coders/psd.c, which allowed attackers to cause a denial of service
    (CPU exhaustion) via a crafted psd image file (bsc#1072901).
    - CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed
    attackers to cause a denial of service via a PWP file (bsc#1074309).
    - CVE-2018-5685: Prevent infinite loop and application hang in the
    ReadBMPImage function. Remote attackers could leverage this
    vulnerability to cause a denial
    of service via an image file with a crafted bit-field mask value
    (bsc#1075939)
    - CVE-2017-11639: Prevent heap-based buffer over-read in the
    WriteCIPImage() function, related to the GetPixelLuma function in
    MagickCore/pixel-accessor.h (bsc#1050635)
    - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function
    that allowed remote attackers to cause a denial of service (bsc#1050098)
    - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
    attackers to cause a denial of service (memory leak) via a crafted file
    (bsc#1043353).
    - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
    attackers to cause a denial of service (memory leak) via a crafted file
    (bsc#1043354).
    - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote
    attackers to cause a denial of service (heap-based buffer over-read and
    application crash) via a crafted MNG image (bsc#1047908).
    - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in
    coders/png.c (bsc#1050037).
    - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed
    remote attackers to cause a denial of service (large loop and CPU
    consumption) via a crafted file (bsc#1050072).
    - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed
    remote attackers to cause a denial of service (large loop and CPU
    consumption) via a crafted file (bsc#1050100).
    - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
    remote attackers to cause a denial of service (NULL pointer dereference)
    via a crafted file (bsc#1051442).
    - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (bsc#1052470).
    - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (bsc#1052708).
    - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (bsc#1052717).
    - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an
    invalid free in the function RelinquishMagickMemory in
    MagickCore/memory.c, which allowed attackers to cause a denial of
    service (bsc#1052721).
    - CVE-2017-12643: Prevent a memory exhaustion vulnerability in
    ReadOneJNGImage in coders\png.c (bsc#1052768).
    - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
    in coders\png.c (bsc#1052777).
    - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in
    ReadOneMNGImage in coders/png.c (bsc#1052781).
    - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
    large MNG images, leading to an invalid memory read in the
    SetImageColorCallBack function in magick/image.c (bsc#1054600).
    - CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in
    coders/png.c, which allowed attackers to cause a denial of service
    (WriteJNGImage memory consumption) via a crafted file (bsc#1055068).
    - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
    in coders/png.c when a small MNG file has a MEND chunk with a large
    length value (bsc#1055374).
    - CVE-2017-13142: Added additional checks for short files to prevent a
    crafted PNG file from triggering a crash (bsc#1055455).
    - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c
    (bsc#1055456).
    - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
    coders/png.c did not properly manage image pointers after certain error
    conditions, which allowed remote attackers to conduct use-after-free
    attacks via a crafted file, related to a ReadMNGImage out-of-order
    CloseBlob call (bsc#1057000).
    - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly
    validate JNG data, leading to a denial of service (assertion failure in
    magick/pixel_cache.c, and application crash) (bsc#1060162).
    - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
    (bsc#1062752).
    - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file
    in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362).
    - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in
    coders/png.c, which allowed attackers to cause a denial of service via a
    crafted PNG image file (bsc#1074120).
    - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage
    in coders/png.c, related to length calculation and caused by an
    off-by-one error (bsc#1074125).
    - CVE-2017-17914: Prevent crafted files to cause a large loop in
    ReadOneMNGImage (bsc#1074185).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12-SP3:
      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-244=1
    • SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2018-244=1
    • SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-244=1
    • SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-244=1
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-244=1
    • SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-244=1
    • SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-244=1
    • SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-244=1
    • SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-244=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
      • ImageMagick-6.8.8.1-71.33.1
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      • ImageMagick-6.8.8.1-71.33.1
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      • ImageMagick-6.8.8.1-71.33.1
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • ImageMagick-devel-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1
      • libMagick++-devel-6.8.8.1-71.33.1
      • perl-PerlMagick-6.8.8.1-71.33.1
      • perl-PerlMagick-debuginfo-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      • ImageMagick-6.8.8.1-71.33.1
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • ImageMagick-devel-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1
      • libMagick++-devel-6.8.8.1-71.33.1
      • perl-PerlMagick-6.8.8.1-71.33.1
      • perl-PerlMagick-debuginfo-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      • ImageMagick-6.8.8.1-71.33.1
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1
    • SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      • ImageMagick-6.8.8.1-71.33.1
      • ImageMagick-debuginfo-6.8.8.1-71.33.1
      • ImageMagick-debugsource-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-6.8.8.1-71.33.1
      • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1
      • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-6.8.8.1-71.33.1
      • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1

    References: