SUSE-SU-2012:0764-1: moderate: Security update for ImageMagick

sle-security-updates at lists.suse.com
Tue Jun 19 15:08:29 MDT 2012


   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0764-1
Rating:             moderate
References:         #746880 #752879 #754749 #758512 
Cross-References:   CVE-2012-0247 CVE-2012-0248 CVE-2012-0259
                    CVE-2012-0260 CVE-2012-1185 CVE-2012-1186
                    CVE-2012-1610
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:


   This update of ImageMagick fixes multiple security
   vulnerabilities that could have been exploited by
   attackers via specially crafted image files:

   * CVE-2012-0259 / CVE-2012-1610: Integer overflow when
     processing EXIF directory entries with tags of e.g. format
     5 (EXIF_FMT_URATIONAL) and a large components count.
   * CVE-2012-0247 / CVE-2012-1185: Integer overflows via
     "number_bytes" and "offset" could lead to memory corruption.
   * CVE-2012-0248 / CVE-2012-1186: Denial of service via
     "profile.c".
   * CVE-2012-0260: Denial of service via JPEG restart
     markers (excessive CPU consumption).
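
   The integer overflow class named in the first two items above, as an
   added C example (not ImageMagick code and not part of the original
   advisory): a 32-bit byte count derived from an entry's format and
   components count wraps, while a checked version rejects the entry.
   The function names and sample values are assumptions made for the
   illustration; the per-format sizes are the standard EXIF/TIFF ones.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes per component for EXIF/TIFF formats 1..12 (index 0 is unused).
   Format 5 is the unsigned rational named in the advisory: 8 bytes each. */
static const uint32_t format_bytes[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Unsafe pattern (hypothetical helper): the 32-bit product wraps silently.
   The caller must pass a format in 1..12. */
uint32_t entry_bytes_unchecked(uint32_t format, uint32_t components)
{
    return (uint32_t)(components * format_bytes[format]);
}

/* Hardened pattern (hypothetical helper): returns 0 and stores the byte count
   when the entry's data fits inside an EXIF blob of exif_len bytes, -1 if not. */
int exif_entry_check(uint32_t format, uint32_t components, uint32_t offset,
                     size_t exif_len, size_t *number_bytes)
{
    if (format == 0 || format > 12)
        return -1;                              /* unknown format code */
    uint64_t n = (uint64_t)components * format_bytes[format]; /* cannot wrap */
    if (n > exif_len)
        return -1;                              /* claims more data than exists */
    /* Values of up to 4 bytes sit in the entry itself; larger ones are
       referenced by offset, so the whole range must lie inside the blob. */
    if (n > 4 && (offset > exif_len || n > exif_len - offset))
        return -1;
    *number_bytes = (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed sample entry: format 5 with a components count chosen so
       that components * 8 exceeds 32 bits. */
    uint32_t components = 0x20000001u;
    size_t n = 0;
    printf("unchecked byte count: %u\n",
           (unsigned)entry_bytes_unchecked(5, components));
    printf("checked, large count: %d\n",
           exif_entry_check(5, components, 16, 64, &n));
    printf("checked, two rationals at offset 16: %d\n",
           exif_entry_check(5, 2, 16, 64, &n));
    return 0;
}
```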

   Security Issue references:

   * CVE-2012-0247
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0247>
   * CVE-2012-0248
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0248>
   * CVE-2012-1185
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1185>
   * CVE-2012-1186
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1186>
   * CVE-2012-0259
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259>
   * CVE-2012-0260
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260>
   * CVE-2012-1610
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1610>



Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      ImageMagick-6.2.5-16.34.1
      ImageMagick-Magick++-6.2.5-16.34.1
      ImageMagick-devel-6.2.5-16.34.1
      perl-PerlMagick-6.2.5-16.34.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      ImageMagick-6.2.5-16.34.1
      ImageMagick-Magick++-6.2.5-16.34.1
      ImageMagick-Magick++-devel-6.2.5-16.34.1
      ImageMagick-devel-6.2.5-16.34.1
      perl-PerlMagick-6.2.5-16.34.1


References:

   http://support.novell.com/security/cve/CVE-2012-0247.html
   http://support.novell.com/security/cve/CVE-2012-0248.html
   http://support.novell.com/security/cve/CVE-2012-0259.html
   http://support.novell.com/security/cve/CVE-2012-0260.html
   http://support.novell.com/security/cve/CVE-2012-1185.html
   http://support.novell.com/security/cve/CVE-2012-1186.html
   http://support.novell.com/security/cve/CVE-2012-1610.html
   https://bugzilla.novell.com/746880
   https://bugzilla.novell.com/752879
   https://bugzilla.novell.com/754749
   https://bugzilla.novell.com/758512
   http://download.novell.com/patch/finder/?keywords=73ca451abc4b60d47f7346db66e99f9a


