Security update for ImageMagick

Announcement ID:	SUSE-SU-2018:0857-1
Rating:	moderate
References:	bsc#1043290 bsc#1050087 bsc#1056434 bsc#1058630 bsc#1059735 bsc#1060382 bsc#1066168 bsc#1066170 bsc#1082283 bsc#1082291 bsc#1082348 bsc#1082362 bsc#1082792 bsc#1082837 bsc#1083628 bsc#1083634 bsc#1086011
Cross-References:	CVE-2017-11524 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14505 CVE-2017-14739 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18209 CVE-2017-18211 CVE-2017-9500 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804
CVSS scores:	CVE-2017-11524 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11524 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12692 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-12693 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-13768 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-13768 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-13768 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14314 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14505 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14505 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-14739 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15016 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-15016 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-15017 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-15017 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-16352 ( SUSE ): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2017-16352 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-16353 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-16353 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2017-18209 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18209 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-18211 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18211 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9500 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-9500 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-7443 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-7443 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-7470 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-7470 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-8804 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-8804 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Linux Enterprise Software Development Kit 12 12-SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 12-SP3 SUSE Linux Enterprise Workstation Extension 12 SP2

An update that solves 17 vulnerabilities can now be installed.

Description:

This update for ImageMagick fixes several issues.

These security issues were fixed:

• CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011).
• CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087).
• CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628).
• CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634).
• CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290).
• CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382).
• CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170).
• CVE-2017-16352: Prevent a heap-based buffer overflow in the "Display visual image directory" feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168).
• CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630).
• CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434).
• CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735).
• CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837).
• CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792).
• CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291).
• CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283).
• CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362).
• CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP2
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-572=1
• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-572=1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-572=1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-572=1
• SUSE Linux Enterprise Software Development Kit 12 SP3
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-572=1
• SUSE Linux Enterprise High Performance Computing 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-572=1
• SUSE Linux Enterprise Server 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-572=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-572=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-572=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-572=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-572=1
• SUSE Linux Enterprise Workstation Extension 12 SP2
  zypper in -t patch SUSE-SLE-WE-12-SP2-2018-572=1
• SUSE Linux Enterprise Workstation Extension 12 12-SP3
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-572=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1
  • ImageMagick-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1
  • ImageMagick-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
  • ImageMagick-devel-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagick++-devel-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-6.8.8.1-71.47.1
  • perl-PerlMagick-debuginfo-6.8.8.1-71.47.1
  • ImageMagick-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1
  • perl-PerlMagick-6.8.8.1-71.47.1
• SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
  • ImageMagick-devel-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagick++-devel-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-6.8.8.1-71.47.1
  • perl-PerlMagick-debuginfo-6.8.8.1-71.47.1
  • ImageMagick-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1
  • perl-PerlMagick-6.8.8.1-71.47.1
• SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • libMagickCore-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1
  • libMagickWand-6_Q16-1-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Workstation Extension 12 SP2 (x86_64)
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1
  • ImageMagick-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1
• SUSE Linux Enterprise Workstation Extension 12 12-SP3 (x86_64)
  • ImageMagick-debugsource-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1
  • libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1
  • ImageMagick-6.8.8.1-71.47.1
  • ImageMagick-debuginfo-6.8.8.1-71.47.1
  • libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1

References:

• https://www.suse.com/security/cve/CVE-2017-11524.html
• https://www.suse.com/security/cve/CVE-2017-12692.html
• https://www.suse.com/security/cve/CVE-2017-12693.html
• https://www.suse.com/security/cve/CVE-2017-13768.html
• https://www.suse.com/security/cve/CVE-2017-14314.html
• https://www.suse.com/security/cve/CVE-2017-14505.html
• https://www.suse.com/security/cve/CVE-2017-14739.html
• https://www.suse.com/security/cve/CVE-2017-15016.html
• https://www.suse.com/security/cve/CVE-2017-15017.html
• https://www.suse.com/security/cve/CVE-2017-16352.html
• https://www.suse.com/security/cve/CVE-2017-16353.html
• https://www.suse.com/security/cve/CVE-2017-18209.html
• https://www.suse.com/security/cve/CVE-2017-18211.html
• https://www.suse.com/security/cve/CVE-2017-9500.html
• https://www.suse.com/security/cve/CVE-2018-7443.html
• https://www.suse.com/security/cve/CVE-2018-7470.html
• https://www.suse.com/security/cve/CVE-2018-8804.html
• https://bugzilla.suse.com/show_bug.cgi?id=1043290
• https://bugzilla.suse.com/show_bug.cgi?id=1050087
• https://bugzilla.suse.com/show_bug.cgi?id=1056434
• https://bugzilla.suse.com/show_bug.cgi?id=1058630
• https://bugzilla.suse.com/show_bug.cgi?id=1059735
• https://bugzilla.suse.com/show_bug.cgi?id=1060382
• https://bugzilla.suse.com/show_bug.cgi?id=1066168
• https://bugzilla.suse.com/show_bug.cgi?id=1066170
• https://bugzilla.suse.com/show_bug.cgi?id=1082283
• https://bugzilla.suse.com/show_bug.cgi?id=1082291
• https://bugzilla.suse.com/show_bug.cgi?id=1082348
• https://bugzilla.suse.com/show_bug.cgi?id=1082362
• https://bugzilla.suse.com/show_bug.cgi?id=1082792
• https://bugzilla.suse.com/show_bug.cgi?id=1082837
• https://bugzilla.suse.com/show_bug.cgi?id=1083628
• https://bugzilla.suse.com/show_bug.cgi?id=1083634
• https://bugzilla.suse.com/show_bug.cgi?id=1086011