File _patchinfo of Package patchinfo.5842
<patchinfo incident="5842">
<issue id="1054924" tracker="bnc">L3: libMagickCore-6_Q16-1 seems broken since 6.8.8.1-47.1</issue>
<issue id="1061873" tracker="bnc">VUL-0: CVE-2017-15033: GraphicsMagick,ImageMagick: denial of service (memory leak) in ReadYUVImage in coders/yuv.c</issue>
<issue id="1049379" tracker="bnc">VUL-0: CVE-2017-11446: ImageMagick: The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 infinite loop vulnerability</issue>
<issue id="1050135" tracker="bnc">VUL-1: CVE-2017-11534: GraphicsMagick, ImageMagick: Memory Leak in the lite_font_map() in coders/wmf.c</issue>
<issue id="1052249" tracker="bnc">VUL-2: CVE-2017-12428: GraphicsMagick, ImageMagick: Memory leak in ReadWMFImage in coders/wmf.c, which allows attackers to cause DoS</issue>
<issue id="1052253" tracker="bnc">VUL-2: CVE-2017-12431: GraphicsMagick, ImageMagick: Use-after-free in ReadWMFImage in coders/wmf.c, which allows attackers to cause DoS</issue>
<issue id="1052545" tracker="bnc">VUL-2: CVE-2017-12433: ImageMagick: Memory leak in ReadPESImage in coders/pes.c, which allows attackers to cause DoS</issue>
<issue id="1055219" tracker="bnc">VUL-1: CVE-2017-13133: ImageMagick: In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file</issue>
<issue id="1055430" tracker="bnc">VUL-0: CVE-2017-13139: GraphicsMagick,ImageMagick: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.</issue>
<issue id="2016-7530" tracker="cve" />
<issue id="2017-11446" tracker="cve" />
<issue id="2017-11534" tracker="cve" />
<issue id="2017-12428" tracker="cve" />
<issue id="2017-12431" tracker="cve" />
<issue id="2017-12433" tracker="cve" />
<issue id="2017-13133" tracker="cve" />
<issue id="2017-13139" tracker="cve" />
<issue id="2017-15033" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>pgajdos</packager>
<description>
This update for ImageMagick fixes the following issues:
Security issues fixed:
* CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]
* CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)
* CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)
* CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)
* CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)
* CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)
* CVE-2017-13133: A memory exhaustion in the load_level function in coders/xcf.c was fixed. (bsc#1055219)
* CVE-2017-13139: An out-of-bounds read in ReadOneMNGImage was fixed. (bsc#1055430)
This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].
</description>
<summary>Security update for ImageMagick</summary>
</patchinfo>