SUSE-SU-2019:1033-1 -- SLES ImageMagick, libMagickCore-6_Q16-1, libMagickWand-6_Q16-1ID: oval:org.secpod.oval:def:89043740 | Date: (C)2021-03-05 (M)2024-04-04 |
Class: PATCH | Family: unix |
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel . - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage . - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function . - CVE-2018-20467: Fixed infinite loop in coders/bmp.c . - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage . - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage . - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel . - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel . - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks . - CVE-2018-16644: Fixed a regression in dcm coder . - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage . - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage . - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage . - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration.
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP4 |
Product: |
ImageMagick |
libMagickCore-6_Q16-1 |
libMagickWand-6_Q16-1 |