This update for ImageMagick fixes several issues. These security issues were fixed:

- CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422).
- CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422).
- CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have led to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550).
- CVE-2017-15281: ReadPSDImage in coders/psd.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file (bsc#1063049).
- CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063).
- CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460).
- CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to the lack of an EOF (End of File) check, which might have caused huge CPU consumption. When a crafted PSD file, which claims a large 'length' field in the header but does not contain sufficient backing data, is provided, the loop over 'length' would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723).
- CVE-2017-13062: A memory leak vulnerability in the function formatIPTC in coders/meta.c allowed attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file (bsc#1055053).
- CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

```
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:0043-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(105719);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-12563", "CVE-2017-12691", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-14042", "CVE-2017-14174", "CVE-2017-14343", "CVE-2017-15277", "CVE-2017-15281");

  script_name(english:"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0043-1)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for ImageMagick fixes several issues. These security
issues were fixed :
- CVE-2017-14343: Fixed a memory leak vulnerability in
ReadXCFImage in coders/xcf.c via a crafted xcf image
file (bsc#1058422).
- CVE-2017-12691: The ReadOneLayer function in
coders/xcf.c allowed remote attackers to cause a denial
of service (memory consumption) via a crafted file
(bsc#1058422).
- CVE-2017-14042: Prevent memory allocation failure in the
ReadPNMImage function in coders/pnm.c. The vulnerability
caused a big memory allocation, which may have lead to
remote denial of service in the MagickRealloc function
in magick/memory.c (bsc#1056550).
- CVE-2017-15281: ReadPSDImage in coders/psd.c allowed
remote attackers to cause a denial of service
(application crash) or possibly have unspecified other
impact via a crafted file (bsc#1063049).
- CVE-2017-13061: A length-validation vulnerability in the
function ReadPSDLayersInternal in coders/psd.c allowed
attackers to cause a denial of service (ReadPSDImage
memory exhaustion) via a crafted file (bsc#1055063).
- CVE-2017-12563: A memory exhaustion vulnerability in the
function ReadPSDImage in coders/psd.c allowed attackers
to cause a denial of service (bsc#1052460).
- CVE-2017-14174: coders/psd.c allowed for DoS in
ReadPSDLayersInternal() due to lack of an EOF (End of
File) check might have caused huge CPU consumption. When
a crafted PSD file, which claims a large 'length' field
in the header but did not contain sufficient backing
data, is provided, the loop over 'length' would consume
huge CPU resources, since there is no EOF check inside
the loop (bsc#1057723).
- CVE-2017-13062: A memory leak vulnerability in the
function formatIPTC in coders/meta.c allowed attackers
to cause a denial of service (WriteMETAImage memory
consumption) via a crafted file (bsc#1055053).
- CVE-2017-15277: ReadGIFImage in coders/gif.c left the
palette uninitialized when processing a GIF file that
has neither a global nor local palette. If this
functionality was used as a library loaded into a
process that operates on interesting data, this data
sometimes could have been leaked via the uninitialized
palette (bsc#1063050).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1052460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1056550"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1057723"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1058422"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063049"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-12563/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-12691/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-13061/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-13062/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-14042/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-14174/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-14343/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-15277/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-15281/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20180043-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1cf271a7"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-ImageMagick-13399=1
SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-ImageMagick-13399=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-ImageMagick-13399=1
To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libMagickCore1-32bit-6.4.3.6-7.78.17.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libMagickCore1-32bit-6.4.3.6-7.78.17.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libMagickCore1-6.4.3.6-7.78.17.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}
```

Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | libmagickcore1 | p-cpe:/a:novell:suse_linux:libmagickcore1 |
novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15277
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15281
www.nessus.org/u?1cf271a7
bugzilla.suse.com/show_bug.cgi?id=1052460
bugzilla.suse.com/show_bug.cgi?id=1055053
bugzilla.suse.com/show_bug.cgi?id=1055063
bugzilla.suse.com/show_bug.cgi?id=1056550
bugzilla.suse.com/show_bug.cgi?id=1057723
bugzilla.suse.com/show_bug.cgi?id=1058422
bugzilla.suse.com/show_bug.cgi?id=1063049
bugzilla.suse.com/show_bug.cgi?id=1063050
www.suse.com/security/cve/CVE-2017-12563/
www.suse.com/security/cve/CVE-2017-12691/
www.suse.com/security/cve/CVE-2017-13061/
www.suse.com/security/cve/CVE-2017-13062/
www.suse.com/security/cve/CVE-2017-14042/
www.suse.com/security/cve/CVE-2017-14174/
www.suse.com/security/cve/CVE-2017-14343/
www.suse.com/security/cve/CVE-2017-15277/
www.suse.com/security/cve/CVE-2017-15281/