Security update for ImageMagick

SUSE Security Update: Security update for ImageMagick
Announcement ID: SUSE-SU-2019:14043-1
Rating: moderate
References: #1130330 #1131317 #1132053 #1132060 #1133204 #1133205 #1133498 #1133501
Cross-References: CVE-2019-10650 CVE-2019-11007 CVE-2019-11009 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-9956
Affected Products:
  • SUSE Linux Enterprise Debuginfo 11-SP4

An update that fixes 8 vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:
Security issues fixed:

  • CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
  • CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
  • CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
  • CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).
  • CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204).
  • CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205).
  • CVE-2019-11506: Fixed a heap-based buffer overflow in WriteMATLABImage() (bsc#1133498).
  • CVE-2019-11505: Fixed a heap-based buffer overflow in WritePDBImage() (bsc#1133501).

Patch Instructions:

To install this SUSE Security Update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-ImageMagick-14043=1

Package List:

  • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    • ImageMagick-debuginfo-6.4.3.6-78.97.1
    • ImageMagick-debugsource-6.4.3.6-78.97.1
