Security update for ImageMagick

Announcement ID:	SUSE-SU-2018:1178-1
Rating:	moderate
References:	bsc#1047356 bsc#1058635 bsc#1074117 bsc#1086773 bsc#1086782 bsc#1087027 bsc#1087033 bsc#1087037 bsc#1087039 bsc#1087825 bsc#1089781
Cross-References:	CVE-2017-1000476 CVE-2017-10928 CVE-2017-11450 CVE-2017-14325 CVE-2017-17887 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 CVE-2018-9135
CVSS scores:	CVE-2017-1000476 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-10928 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-10928 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-11450 ( SUSE ): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2017-11450 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-14325 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14325 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17887 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18250 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18250 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18251 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18251 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18252 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18252 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18254 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18254 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-10177 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-10177 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-8960 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-8960 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-9018 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-9018 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-9135 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves 13 vulnerabilities can now be installed.

Description:

This update for ImageMagick fixes the following issues:

• CVE-2017-14325: In ImageMagick, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allowed attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. [bsc#1058635]
• CVE-2017-17887: In ImageMagick, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allowed attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. [bsc#1074117]
• CVE-2017-18250: A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which could lead to a denial of service via a crafted file. [bsc#1087039]
• CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037]
• CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033]
• CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027]
• CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick did not properly restrict memory allocation, leading to a heap-based buffer over-read. [bsc#1086782]
• CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773]
• CVE-2018-9135: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c could lead to denial of service. [bsc#1087825]
• CVE-2018-10177: In ImageMagick, there was an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. [bsc#1089781]
• CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356]

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-818=1
• SUSE Linux Enterprise Software Development Kit 12 SP3
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-818=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-818=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-818=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-818=1
• SUSE Linux Enterprise Workstation Extension 12 12-SP3
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-818=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.54.5
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debugsource-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-6.8.8.1-71.54.5
  • libMagick++-6_Q16-3-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.54.5
  • libMagickWand-6_Q16-1-6.8.8.1-71.54.5
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5
• SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
  • libMagick++-devel-6.8.8.1-71.54.5
  • ImageMagick-devel-6.8.8.1-71.54.5
  • ImageMagick-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debugsource-6.8.8.1-71.54.5
  • ImageMagick-6.8.8.1-71.54.5
  • libMagick++-6_Q16-3-6.8.8.1-71.54.5
  • perl-PerlMagick-6.8.8.1-71.54.5
  • perl-PerlMagick-debuginfo-6.8.8.1-71.54.5
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5
• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debuginfo-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-6.8.8.1-71.54.5
  • ImageMagick-debugsource-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • libMagickWand-6_Q16-1-6.8.8.1-71.54.5
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debuginfo-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-6.8.8.1-71.54.5
  • ImageMagick-debugsource-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • libMagickWand-6_Q16-1-6.8.8.1-71.54.5
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debuginfo-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-6.8.8.1-71.54.5
  • ImageMagick-debugsource-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5
  • libMagickWand-6_Q16-1-6.8.8.1-71.54.5
• SUSE Linux Enterprise Workstation Extension 12 12-SP3 (x86_64)
  • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.54.5
  • ImageMagick-debuginfo-6.8.8.1-71.54.5
  • ImageMagick-debugsource-6.8.8.1-71.54.5
  • ImageMagick-6.8.8.1-71.54.5
  • libMagick++-6_Q16-3-6.8.8.1-71.54.5
  • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.54.5
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5

References:

• https://www.suse.com/security/cve/CVE-2017-1000476.html
• https://www.suse.com/security/cve/CVE-2017-10928.html
• https://www.suse.com/security/cve/CVE-2017-11450.html
• https://www.suse.com/security/cve/CVE-2017-14325.html
• https://www.suse.com/security/cve/CVE-2017-17887.html
• https://www.suse.com/security/cve/CVE-2017-18250.html
• https://www.suse.com/security/cve/CVE-2017-18251.html
• https://www.suse.com/security/cve/CVE-2017-18252.html
• https://www.suse.com/security/cve/CVE-2017-18254.html
• https://www.suse.com/security/cve/CVE-2018-10177.html
• https://www.suse.com/security/cve/CVE-2018-8960.html
• https://www.suse.com/security/cve/CVE-2018-9018.html
• https://www.suse.com/security/cve/CVE-2018-9135.html
• https://bugzilla.suse.com/show_bug.cgi?id=1047356
• https://bugzilla.suse.com/show_bug.cgi?id=1058635
• https://bugzilla.suse.com/show_bug.cgi?id=1074117
• https://bugzilla.suse.com/show_bug.cgi?id=1086773
• https://bugzilla.suse.com/show_bug.cgi?id=1086782
• https://bugzilla.suse.com/show_bug.cgi?id=1087027
• https://bugzilla.suse.com/show_bug.cgi?id=1087033
• https://bugzilla.suse.com/show_bug.cgi?id=1087037
• https://bugzilla.suse.com/show_bug.cgi?id=1087039
• https://bugzilla.suse.com/show_bug.cgi?id=1087825
• https://bugzilla.suse.com/show_bug.cgi?id=1089781