SUSE-SU-2018:0350-1: moderate: Security update for ImageMagick

Fri Feb 2 07:14:06 MST 2018

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0350-1
Rating:             moderate
References:         #1043353 #1043354 #1047908 #1050037 #1050072 
                    #1050098 #1050100 #1050635 #1051442 #1052470 
                    #1052708 #1052717 #1052721 #1052768 #1052777 
                    #1052781 #1054600 #1055374 #1055455 #1055456 
                    #1057000 #1060162 #1062752 #1072362 #1074120 
                    #1074125 #1074185 #1074309 #1075939 #1076021 
                    #1076051 
Cross-References:   CVE-2017-10995 CVE-2017-11505 CVE-2017-11525
                    CVE-2017-11526 CVE-2017-11539 CVE-2017-11639
                    CVE-2017-11750 CVE-2017-12565 CVE-2017-12640
                    CVE-2017-12641 CVE-2017-12643 CVE-2017-12671
                    CVE-2017-12673 CVE-2017-12676 CVE-2017-12935
                    CVE-2017-13141 CVE-2017-13142 CVE-2017-13147
                    CVE-2017-14103 CVE-2017-14649 CVE-2017-15218
                    CVE-2017-17504 CVE-2017-17879 CVE-2017-17884
                    CVE-2017-17914 CVE-2017-18027 CVE-2017-18029
                    CVE-2017-9261 CVE-2017-9262 CVE-2018-5685

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 30 vulnerabilities and has one errata
   is now available.

Description:

   This update for ImageMagick fixes several issues.

   These security issues were fixed:

   - CVE-2018-5685: Prevent infinite loop and application hang in the
     ReadBMPImage function. Remote attackers could leverage this
     vulnerability to cause a denial
     of service via an image file with a crafted bit-field mask value
      (bsc#1075939)
   - CVE-2017-11639: Prevent heap-based buffer over-read in the
     WriteCIPImage() function, related to the GetPixelLuma function in
     MagickCore/pixel-accessor.h (bsc#1050635).
   - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function
     that allowed remote attackers to cause a denial of service (bsc#1050098).
   - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed
     attackers to cause a denial of service (memory leak) via a crafted file
     (bsc#1043353)
   - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed
     attackers to cause a denial of service (memory leak) via a crafted file
     (bsc#1043354)
   - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote
     attackers to cause a denial of service (heap-based buffer over-read and
     application crash) via a crafted MNG image (bsc#1047908)
   - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in
     coders/png.c (bsc#1050037)
   - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed
     remote attackers to cause a denial of service (large loop and CPU
     consumption) via a crafted file (bsc#1050072)
   - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed
     remote attackers to cause a denial of service (large loop and CPU
     consumption) via a crafted file (bsc#1050100)
   - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed
     remote attackers to cause a denial of service (NULL pointer dereference)
     via a crafted file (bsc#1051442)
   - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in
     coders/png.c, which allowed attackers to cause a denial of service
     (bsc#1052470)
   - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in
     coders/png.c, which allowed attackers to cause a denial of service
     (bsc#1052708)
   - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in
     coders/png.c, which allowed attackers to cause a denial of service
     (bsc#1052717)
   - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an
     invalid free in the function RelinquishMagickMemory in
     MagickCore/memory.c, which allowed attackers to cause a denial of
     service (bsc#1052721)
   - CVE-2017-12643: Prevent a memory exhaustion vulnerability in
     ReadOneJNGImage in coders\png.c (bsc#1052768)
   - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage
     in coders\png.c (bsc#1052777)
   - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in
     ReadOneMNGImage in coders/png.c (bsc#1052781)
   - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled
     large MNG images, leading to an invalid memory read in the
     SetImageColorCallBack function in magick/image.c (bsc#1054600)
   - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage
     in coders/png.c when a small MNG file has a MEND chunk with a large
     length value (bsc#1055374)
   - CVE-2017-13142: Added additional checks for short files to prevent a
     crafted PNG file from triggering a crash (bsc#1055455)
   - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c
     (bsc#1055456)
   - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in
     coders/png.c did not properly manage image pointers after certain error
     conditions, which allowed remote attackers to conduct use-after-free
     attacks via a crafted file, related to a ReadMNGImage out-of-order
     CloseBlob call (bsc#1057000)
   - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly
     validate JNG data, leading to a denial of service (assertion failure in
     magick/pixel_cache.c, and application crash) (bsc#1060162)
   - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c
     (bsc#1062752)
   - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file
     in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362)
   - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage
     in coders/png.c, related to length calculation and caused by an
     off-by-one error (bsc#1074125)
   - CVE-2017-17914: Prevent crafted files to cause a large loop in
     ReadOneMNGImage (bsc#1074185)
   - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in
     coders/png.c, which allowed attackers to cause a denial of service via a
     crafted PNG image file (bsc#1074120)
   - Prevent memory leak in svg.c, which allowed attackers to cause a denial
     of service via a crafted SVG image file (bsc#1074120)
   - Prevent small memory leak when processing PWP image files (bsc#1074309)
   - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which
     allowed remote attackers to cause a denial of service via a crafted file
     (bsc#1076021)
   - CVE-2017-18027: Prevent memory leak vulnerability in the function
     ReadMATImage which allowed remote attackers to cause a denial of service
     via a crafted file (bsc#1076051)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-ImageMagick-13453=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ImageMagick-13453=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ImageMagick-13453=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ImageMagick-6.4.3.6-7.78.29.2
      ImageMagick-devel-6.4.3.6-7.78.29.2
      libMagick++-devel-6.4.3.6-7.78.29.2
      libMagick++1-6.4.3.6-7.78.29.2
      libMagickWand1-6.4.3.6-7.78.29.2
      perl-PerlMagick-6.4.3.6-7.78.29.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libMagickWand1-32bit-6.4.3.6-7.78.29.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libMagickCore1-6.4.3.6-7.78.29.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libMagickCore1-32bit-6.4.3.6-7.78.29.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ImageMagick-debuginfo-6.4.3.6-7.78.29.2
      ImageMagick-debugsource-6.4.3.6-7.78.29.2

References:

   https://www.suse.com/security/cve/CVE-2017-10995.html
   https://www.suse.com/security/cve/CVE-2017-11505.html
   https://www.suse.com/security/cve/CVE-2017-11525.html
   https://www.suse.com/security/cve/CVE-2017-11526.html
   https://www.suse.com/security/cve/CVE-2017-11539.html
   https://www.suse.com/security/cve/CVE-2017-11639.html
   https://www.suse.com/security/cve/CVE-2017-11750.html
   https://www.suse.com/security/cve/CVE-2017-12565.html
   https://www.suse.com/security/cve/CVE-2017-12640.html
   https://www.suse.com/security/cve/CVE-2017-12641.html
   https://www.suse.com/security/cve/CVE-2017-12643.html
   https://www.suse.com/security/cve/CVE-2017-12671.html
   https://www.suse.com/security/cve/CVE-2017-12673.html
   https://www.suse.com/security/cve/CVE-2017-12676.html
   https://www.suse.com/security/cve/CVE-2017-12935.html
   https://www.suse.com/security/cve/CVE-2017-13141.html
   https://www.suse.com/security/cve/CVE-2017-13142.html
   https://www.suse.com/security/cve/CVE-2017-13147.html
   https://www.suse.com/security/cve/CVE-2017-14103.html
   https://www.suse.com/security/cve/CVE-2017-14649.html
   https://www.suse.com/security/cve/CVE-2017-15218.html
   https://www.suse.com/security/cve/CVE-2017-17504.html
   https://www.suse.com/security/cve/CVE-2017-17879.html
   https://www.suse.com/security/cve/CVE-2017-17884.html
   https://www.suse.com/security/cve/CVE-2017-17914.html
   https://www.suse.com/security/cve/CVE-2017-18027.html
   https://www.suse.com/security/cve/CVE-2017-18029.html
   https://www.suse.com/security/cve/CVE-2017-9261.html
   https://www.suse.com/security/cve/CVE-2017-9262.html
   https://www.suse.com/security/cve/CVE-2018-5685.html
   https://bugzilla.suse.com/1043353
   https://bugzilla.suse.com/1043354
   https://bugzilla.suse.com/1047908
   https://bugzilla.suse.com/1050037
   https://bugzilla.suse.com/1050072
   https://bugzilla.suse.com/1050098
   https://bugzilla.suse.com/1050100
   https://bugzilla.suse.com/1050635
   https://bugzilla.suse.com/1051442
   https://bugzilla.suse.com/1052470
   https://bugzilla.suse.com/1052708
   https://bugzilla.suse.com/1052717
   https://bugzilla.suse.com/1052721
   https://bugzilla.suse.com/1052768
   https://bugzilla.suse.com/1052777
   https://bugzilla.suse.com/1052781
   https://bugzilla.suse.com/1054600
   https://bugzilla.suse.com/1055374
   https://bugzilla.suse.com/1055455
   https://bugzilla.suse.com/1055456
   https://bugzilla.suse.com/1057000
   https://bugzilla.suse.com/1060162
   https://bugzilla.suse.com/1062752
   https://bugzilla.suse.com/1072362
   https://bugzilla.suse.com/1074120
   https://bugzilla.suse.com/1074125
   https://bugzilla.suse.com/1074185
   https://bugzilla.suse.com/1074309
   https://bugzilla.suse.com/1075939
   https://bugzilla.suse.com/1076021
   https://bugzilla.suse.com/1076051