Security update for ImageMagick
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:2952-1
Final
1
1
2016-11-30T09:43:20Z
current
2016-11-30T09:43:20Z
2016-11-30T09:43:20Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245]
- update incomplete patch of CVE-2016-6823 [bsc#1001066]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2016-1726,SUSE-SLE-DESKTOP-12-SP2-2016-1726,SUSE-SLE-RPI-12-SP2-2016-1726,SUSE-SLE-SDK-12-SP1-2016-1726,SUSE-SLE-SDK-12-SP2-2016-1726,SUSE-SLE-SERVER-12-SP1-2016-1726,SUSE-SLE-SERVER-12-SP2-2016-1726,SUSE-SLE-WE-12-SP1-2016-1726,SUSE-SLE-WE-12-SP2-2016-1726
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20162952-1/
Link for SUSE-SU-2016:2952-1
https://lists.suse.com/pipermail/sle-security-updates/2016-November/002430.html
E-Mail link for SUSE-SU-2016:2952-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1001066
SUSE Bug 1001066
https://bugzilla.suse.com/1007245
SUSE Bug 1007245
https://www.suse.com/security/cve/CVE-2016-6823/
SUSE CVE CVE-2016-6823 page
https://www.suse.com/security/cve/CVE-2016-8862/
SUSE CVE CVE-2016-8862 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
ImageMagick-6.8.8.1-47.1
libMagick++-6_Q16-3-6.8.8.1-47.1
libMagickCore-6_Q16-1-6.8.8.1-47.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
libMagickWand-6_Q16-1-6.8.8.1-47.1
ImageMagick-devel-6.8.8.1-47.1
libMagick++-devel-6.8.8.1-47.1
perl-PerlMagick-6.8.8.1-47.1
ImageMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libMagick++-6_Q16-3-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
ImageMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
libMagick++-6_Q16-3-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server 12 SP1
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server 12 SP1
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server 12 SP2
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libMagickCore-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
libMagickWand-6_Q16-1-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
ImageMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
ImageMagick-devel-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
libMagick++-6_Q16-3-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
libMagick++-devel-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
perl-PerlMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
ImageMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
ImageMagick-devel-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
libMagick++-6_Q16-3-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
libMagick++-devel-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
perl-PerlMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
ImageMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1
libMagick++-6_Q16-3-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1
libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1
ImageMagick-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP2
libMagick++-6_Q16-3-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP2
libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP2
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVE-2016-6823
SUSE Linux Enterprise Desktop 12 SP1:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP1:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP1:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:ImageMagick-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libMagick++-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:perl-PerlMagick-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:ImageMagick-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libMagick++-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:perl-PerlMagick-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP1:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP1:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP1:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP2:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP2:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
moderate
7.8
AV:N/AC:M/Au:N/C:N/I:P/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162952-1/
https://www.suse.com/security/cve/CVE-2016-6823.html
CVE-2016-6823
https://bugzilla.suse.com/1001066
SUSE Bug 1001066
https://bugzilla.suse.com/1002207
SUSE Bug 1002207
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVE-2016-8862
SUSE Linux Enterprise Desktop 12 SP1:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP1:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Desktop 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP1:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP1:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libMagickCore-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libMagickWand-6_Q16-1-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:ImageMagick-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libMagick++-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP1:perl-PerlMagick-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:ImageMagick-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libMagick++-devel-6.8.8.1-47.1
SUSE Linux Enterprise Software Development Kit 12 SP2:perl-PerlMagick-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP1:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP1:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP1:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP2:ImageMagick-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP2:libMagick++-6_Q16-3-6.8.8.1-47.1
SUSE Linux Enterprise Workstation Extension 12 SP2:libMagickCore-6_Q16-1-32bit-6.8.8.1-47.1
moderate
7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162952-1/
https://www.suse.com/security/cve/CVE-2016-8862.html
CVE-2016-8862
https://bugzilla.suse.com/1007245
SUSE Bug 1007245
https://bugzilla.suse.com/1009318
SUSE Bug 1009318
https://bugzilla.suse.com/1031267
SUSE Bug 1031267