Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux

Summary

IBM Integration Bus Hypervisor Edition V9.0 ship with Red Hat Enterprise Linux (RHEL) Server 6.2 which is vulnerable to:CVE-2019-13298, CVE-2019-13297, CVE-2019-13296, CVE-2019-13295, CVE-2019-13301, CVE-2019-13300, CVE-2019-13299

Vulnerability Details

CVEID:CVE-2019-13298
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165672 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-13297
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165674 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-13296
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165676 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-13295
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165675 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-13301
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165668 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-13300
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165669 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-13299
**DESCRIPTION:**ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165670 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends that you contact Red Hat to obtain and install fixes for Red Hat Enterprise Linux (RHEL) Server 6.2, as applicable.

Workarounds and Mitigations

None