SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0581-1)

high Nessus Plugin ID 107116

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for ImageMagick fixes the following issues:

- CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911)

- CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824)

- CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memory leak could have caused memory exhaustion via a crafted length (bsc#1048110)

- CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for memory exhaustion via invalid colors data in the header of a TGA or VST file (bsc#1048272)

- CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375)

- CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374)

- CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119)

- CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122)

- CVE-2017-11531: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (bsc#1050126)

- CVE-2017-11533: An information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132)

- CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048)

- CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in the WriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617)

- CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207)

- CVE-2017-12427: ProcessMSLScript in coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248)

- CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251)

- CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254)

- CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c could have allowed attackers to cause DoS (bsc#1052472)

- CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761)

- CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754)

- CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750)

- CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747)

- CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688)

- CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711)

- CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069)

- CVE-2017-13131: A memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allowed attackers to cause a denial of service (memory consumption in NewL (bsc#1055229)

- CVE-2017-14060: A NULL pointer dereference issue in the ReadCUTImage function in coders/cut.c was fixed that could have caused a Denial of Service (bsc#1056768)

- CVE-2017-14139: A memory leak vulnerability in WriteMSLImage in coders/msl.c was fixed. (bsc#1057163)

- CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009)

- CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898)

- CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119)

- CVE-2017-17934: A memory leak in the function MSLPopImage and ProcessMSLScript could have led to a denial of service (bsc#1074170)

- CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182)

- CVE-2018-5357: ImageMagick had memory leaks in the ReadDCMImage function in coders/dcm.c. (bsc#1075821)

- CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-391=1

SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-391=1

SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-391=1

SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-391=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-391=1

SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-391=1

SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-391=1

SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-391=1

SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-391=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1042824

https://bugzilla.suse.com/show_bug.cgi?id=1042911

https://bugzilla.suse.com/show_bug.cgi?id=1048110

https://bugzilla.suse.com/show_bug.cgi?id=1048272

https://bugzilla.suse.com/show_bug.cgi?id=1049374

https://bugzilla.suse.com/show_bug.cgi?id=1049375

https://bugzilla.suse.com/show_bug.cgi?id=1050048

https://bugzilla.suse.com/show_bug.cgi?id=1050119

https://bugzilla.suse.com/show_bug.cgi?id=1050122

https://bugzilla.suse.com/show_bug.cgi?id=1050126

https://bugzilla.suse.com/show_bug.cgi?id=1050132

https://bugzilla.suse.com/show_bug.cgi?id=1050617

https://bugzilla.suse.com/show_bug.cgi?id=1052207

https://bugzilla.suse.com/show_bug.cgi?id=1052248

https://bugzilla.suse.com/show_bug.cgi?id=1052251

https://bugzilla.suse.com/show_bug.cgi?id=1052254

https://bugzilla.suse.com/show_bug.cgi?id=1052472

https://bugzilla.suse.com/show_bug.cgi?id=1052688

https://bugzilla.suse.com/show_bug.cgi?id=1052711

https://bugzilla.suse.com/show_bug.cgi?id=1052747

https://bugzilla.suse.com/show_bug.cgi?id=1052750

https://bugzilla.suse.com/show_bug.cgi?id=1052754

https://bugzilla.suse.com/show_bug.cgi?id=1052761

https://bugzilla.suse.com/show_bug.cgi?id=1055069

https://bugzilla.suse.com/show_bug.cgi?id=1055229

https://bugzilla.suse.com/show_bug.cgi?id=1056768

https://bugzilla.suse.com/show_bug.cgi?id=1057163

https://bugzilla.suse.com/show_bug.cgi?id=1058009

https://bugzilla.suse.com/show_bug.cgi?id=1072898

https://bugzilla.suse.com/show_bug.cgi?id=1074119

https://bugzilla.suse.com/show_bug.cgi?id=1074170

https://bugzilla.suse.com/show_bug.cgi?id=1075821

https://bugzilla.suse.com/show_bug.cgi?id=1076182

https://bugzilla.suse.com/show_bug.cgi?id=1078433

https://www.suse.com/security/cve/CVE-2017-11166/

https://www.suse.com/security/cve/CVE-2017-11170/

https://www.suse.com/security/cve/CVE-2017-11448/

https://www.suse.com/security/cve/CVE-2017-11450/

https://www.suse.com/security/cve/CVE-2017-11528/

https://www.suse.com/security/cve/CVE-2017-11530/

https://www.suse.com/security/cve/CVE-2017-11531/

https://www.suse.com/security/cve/CVE-2017-11533/

https://www.suse.com/security/cve/CVE-2017-11537/

https://www.suse.com/security/cve/CVE-2017-11638/

https://www.suse.com/security/cve/CVE-2017-11642/

https://www.suse.com/security/cve/CVE-2017-12418/

https://www.suse.com/security/cve/CVE-2017-12427/

https://www.suse.com/security/cve/CVE-2017-12429/

https://www.suse.com/security/cve/CVE-2017-12432/

https://www.suse.com/security/cve/CVE-2017-12566/

https://www.suse.com/security/cve/CVE-2017-12654/

https://www.suse.com/security/cve/CVE-2017-12663/

https://www.suse.com/security/cve/CVE-2017-12664/

https://www.suse.com/security/cve/CVE-2017-12665/

https://www.suse.com/security/cve/CVE-2017-12668/

https://www.suse.com/security/cve/CVE-2017-12674/

https://www.suse.com/security/cve/CVE-2017-13058/

https://www.suse.com/security/cve/CVE-2017-13131/

https://www.suse.com/security/cve/CVE-2017-14060/

https://www.suse.com/security/cve/CVE-2017-14139/

https://www.suse.com/security/cve/CVE-2017-14224/

https://www.suse.com/security/cve/CVE-2017-17682/

https://www.suse.com/security/cve/CVE-2017-17885/

https://www.suse.com/security/cve/CVE-2017-17934/

https://www.suse.com/security/cve/CVE-2017-18028/

https://www.suse.com/security/cve/CVE-2017-9405/

https://www.suse.com/security/cve/CVE-2017-9407/

https://www.suse.com/security/cve/CVE-2018-5357/

https://www.suse.com/security/cve/CVE-2018-6405/

http://www.nessus.org/u?f1802ee9

Plugin Details

Severity: High

ID: 107116

File Name: suse_SU-2018-0581-1.nasl

Version: 3.4

Type: local

Agent: unix

Published: 3/2/2018

Updated: 9/10/2019

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:imagemagick, p-cpe:/a:novell:suse_linux:imagemagick-debuginfo, p-cpe:/a:novell:suse_linux:imagemagick-debugsource, p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16, p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo, p-cpe:/a:novell:suse_linux:libmagickcore-6_q16, p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1, p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo, p-cpe:/a:novell:suse_linux:libmagickwand-6_q16, p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/1/2018

Vulnerability Publication Date: 6/2/2017

Reference Information

CVE: CVE-2017-11166, CVE-2017-11170, CVE-2017-11448, CVE-2017-11450, CVE-2017-11528, CVE-2017-11530, CVE-2017-11531, CVE-2017-11533, CVE-2017-11537, CVE-2017-11638, CVE-2017-11642, CVE-2017-12418, CVE-2017-12427, CVE-2017-12429, CVE-2017-12432, CVE-2017-12566, CVE-2017-12654, CVE-2017-12663, CVE-2017-12664, CVE-2017-12665, CVE-2017-12668, CVE-2017-12674, CVE-2017-13058, CVE-2017-13131, CVE-2017-14060, CVE-2017-14139, CVE-2017-14224, CVE-2017-17682, CVE-2017-17885, CVE-2017-17934, CVE-2017-18028, CVE-2017-9405, CVE-2017-9407, CVE-2018-5357, CVE-2018-6405