SUSE-SU-2012:0764-1: moderate: Security update for ImageMagick
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Jun 19 15:08:29 MDT 2012
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0764-1
Rating: moderate
References: #746880 #752879 #754749 #758512
Cross-References: CVE-2012-0247 CVE-2012-0248 CVE-2012-0259
CVE-2012-0260 CVE-2012-1185 CVE-2012-1186
CVE-2012-1610
Affected Products:
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update of ImageMagick fixes multiple security
vulnerabilities that could have been exploited by
attackers via specially crafted image files:
* CVE-2012-0259 / CVE-2012-1610: Integer overflow when
processing EXIF directory entries with tags of e.g. format
5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
"number_bytes" and "offset" could lead to memory corruption.
* CVE-2012-0248 / CVE-2012-1186: Denial of service via
"profile.c".
* CVE-2012-0260: Denial of service via JPEG restart
markers (excessive CPU consumption).
Security Issue references:
* CVE-2012-0247
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0247
>
* CVE-2012-0248
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0248
>
* CVE-2012-1185
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1185
>
* CVE-2012-1186
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1186
>
* CVE-2012-0259
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259
>
* CVE-2012-0260
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260
>
* CVE-2012-1610
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1610
>
Package List:
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
ImageMagick-6.2.5-16.34.1
ImageMagick-Magick++-6.2.5-16.34.1
ImageMagick-devel-6.2.5-16.34.1
perl-PerlMagick-6.2.5-16.34.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
ImageMagick-6.2.5-16.34.1
ImageMagick-Magick++-6.2.5-16.34.1
ImageMagick-Magick++-devel-6.2.5-16.34.1
ImageMagick-devel-6.2.5-16.34.1
perl-PerlMagick-6.2.5-16.34.1
References:
http://support.novell.com/security/cve/CVE-2012-0247.html
http://support.novell.com/security/cve/CVE-2012-0248.html
http://support.novell.com/security/cve/CVE-2012-0259.html
http://support.novell.com/security/cve/CVE-2012-0260.html
http://support.novell.com/security/cve/CVE-2012-1185.html
http://support.novell.com/security/cve/CVE-2012-1186.html
http://support.novell.com/security/cve/CVE-2012-1610.html
https://bugzilla.novell.com/746880
https://bugzilla.novell.com/752879
https://bugzilla.novell.com/754749
https://bugzilla.novell.com/758512
http://download.novell.com/patch/finder/?keywords=73ca451abc4b60d47f7346db66e99f9a
More information about the sle-security-updates
mailing list