|Category:||SuSE Local Security Checks|
|Title:||SuSE Update for ImageMagick openSUSE-SU-2018:2811-1 (ImageMagick)|
|Summary:||The remote host is missing an update for the 'ImageMagick'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'ImageMagick'
package(s) announced via the referenced advisory.
This update for ImageMagick fixes the following issues:
The following security vulnerabilities were fixed:
- CVE-2018-16329: Prevent NULL pointer dereference in the
GetMagickProperty function leading to DoS (bsc#1106858)
- CVE-2018-16323: ReadXBMImage left data uninitialized when processing an
XBM file that has a negative pixel value. If the affected code was used
as a library loaded into a process that includes sensitive information,
that information sometimes can be leaked via the image data (bsc#1106855)
- CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage
- CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c
- CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c
- CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c
- Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml
This update was imported from the SUSE:SLE-12:Update update project.
To install this openSUSE Security Update use the SUSE recommended
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1038=1
ImageMagick on openSUSE Leap 42.3
Please install the updated packages.
Common Vulnerability Exposure (CVE) ID: CVE-2018-14434|
Common Vulnerability Exposure (CVE) ID: CVE-2018-14435
Common Vulnerability Exposure (CVE) ID: CVE-2018-14436
Common Vulnerability Exposure (CVE) ID: CVE-2018-14437
Common Vulnerability Exposure (CVE) ID: CVE-2018-16323
Common Vulnerability Exposure (CVE) ID: CVE-2018-16329
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.