SUSE: OPENSUSE-SU-2019:2515-1
Nov 15, 2019 - 12:00 a.m.

Security update for ImageMagick (moderate)

2019-11-15 00:00:00
lists.opensuse.org

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

An update that fixes 11 vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:

  • CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage
    (bsc#1146213).
  • CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser
    (bsc#1146212).
  • CVE-2019-15141: Fixed a divide-by-zero vulnerability in the
    MeanShiftImage function (bsc#1146211).
  • CVE-2019-14980: Fixed an application crash resulting from a heap-based
    buffer over-read in WriteTIFFImage (bsc#1146068).
  • CVE-2019-14981: Fixed a use-after-free in the UnmapBlob function
    (bsc#1146065).
  • CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781).
  • CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782).
  • CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783).
  • CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in
    coders/ps2.c (bsc#1151784).
  • CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in
    coders/ps3.c (bsc#1151785).
  • CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods,
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2019-2515=1

OS             Version  Architecture  Package  Version  Filename
openSUSE Leap  15.1     i586                   <        .i586.rpm
openSUSE Leap  15.1     x86_64                 <        .x86_64.rpm
openSUSE Leap  15.1     noarch                 <        .noarch.rpm
openSUSE Leap  15.1     x86_64                 <        .x86_64.rpm
