Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2475-1 Final 1 1 2018-08-22T06:45:57Z current 2018-08-22T06:45:57Z 2018-08-22T06:45:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2018-14434: A memory leak for a colormap in WriteMPCImage incoders/mpc.c was fixed. (bsc#1102003) * CVE-2018-14435: A memory leak in DecodeImage in coders/pcd.c was fixed. (bsc#1102007) * CVE-2018-14436: A memory leak in ReadMIFFImage in coders/miff.c was fixed. (bsc#1102005) * CVE-2018-14437: A memory leak in parse8BIM in coders/meta.c was fixed. (bsc#1102004) Bug fix: - bsc#1094741: Fix unexpected result with `convert -compose`. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Desktop-Applications-15-2018-1740,SUSE-SLE-Module-Development-Tools-15-2018-1740 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182475-1/ Link for SUSE-SU-2018:2475-1 https://lists.suse.com/pipermail/sle-security-updates/2018-August/004488.html E-Mail link for SUSE-SU-2018:2475-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1094741 SUSE Bug 1094741 https://bugzilla.suse.com/1102003 SUSE Bug 1102003 https://bugzilla.suse.com/1102004 SUSE Bug 1102004 https://bugzilla.suse.com/1102005 SUSE Bug 1102005 https://bugzilla.suse.com/1102007 SUSE Bug 1102007 https://www.suse.com/security/cve/CVE-2018-14434/ SUSE CVE CVE-2018-14434 page https://www.suse.com/security/cve/CVE-2018-14435/ SUSE CVE CVE-2018-14435 page https://www.suse.com/security/cve/CVE-2018-14436/ SUSE CVE CVE-2018-14436 page https://www.suse.com/security/cve/CVE-2018-14437/ SUSE CVE CVE-2018-14437 page SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Development Tools 15 ImageMagick-7.0.7.34-3.14.1 ImageMagick-devel-7.0.7.34-3.14.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 libMagick++-devel-7.0.7.34-3.14.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 perl-PerlMagick-7.0.7.34-3.14.1 ImageMagick-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 ImageMagick-devel-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libMagick++-devel-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 perl-PerlMagick-7.0.7.34-3.14.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. CVE-2018-14434 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Development Tools 15:perl-PerlMagick-7.0.7.34-3.14.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182475-1/ https://www.suse.com/security/cve/CVE-2018-14434.html CVE-2018-14434 https://bugzilla.suse.com/1102003 SUSE Bug 1102003 ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. CVE-2018-14435 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Development Tools 15:perl-PerlMagick-7.0.7.34-3.14.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182475-1/ https://www.suse.com/security/cve/CVE-2018-14435.html CVE-2018-14435 https://bugzilla.suse.com/1102007 SUSE Bug 1102007 ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. CVE-2018-14436 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Development Tools 15:perl-PerlMagick-7.0.7.34-3.14.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182475-1/ https://www.suse.com/security/cve/CVE-2018-14436.html CVE-2018-14436 https://bugzilla.suse.com/1102005 SUSE Bug 1102005 ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. CVE-2018-14437 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:ImageMagick-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagick++-devel-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Desktop Applications 15:libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 SUSE Linux Enterprise Module for Development Tools 15:perl-PerlMagick-7.0.7.34-3.14.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182475-1/ https://www.suse.com/security/cve/CVE-2018-14437.html CVE-2018-14437 https://bugzilla.suse.com/1102004 SUSE Bug 1102004