|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2020-27759: ImageMagick: outside the range of representable values of type 'int' at MagickCore/quantize.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/272320/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2020-27759:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexandros Toptsoglou
2020-11-27 09:39:07 UTC
The POC is not available. Tracked SLE12,SLE15 and SLE15-SP2. For SLE11 I am unsure because there is no cast to int when returning the value. The fix touches the fix for CVE-2019-11598 bsc#1136732 (In reply to Alexandros Toptsoglou from comment #1) > The POC is not available. Tracked SLE12,SLE15 and SLE15-SP2. For SLE11 I am > unsure because there is no cast to int when returning the value. The fix > touches the fix for CVE-2019-11598 bsc#1136732 Also look the fix for CVE-2020-27754 bsc#1179336 I tried to figure out the evolution of IntensityCompare() function: ImageMagick7: https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e https://github.com/ImageMagick/ImageMagick/commit/0be0ea60f5e93b0b761b450c82a5ccd032622e12 https://github.com/ImageMagick/ImageMagick/commit/ebe397f8c0d828948a3a1d02dae199602230d4ad https://github.com/ImageMagick/ImageMagick/commit/fb2d8577b69d77d4dc7684cf5c6b161c80f92958 ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3 https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d https://github.com/ImageMagick/ImageMagick6/commit/2000dd1a7da8098483b8937b53ff3b6ff3048c97 https://github.com/ImageMagick/ImageMagick6/commit/8c5cbc85c397fff55b859b50c4bc2ab7a79571da https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233 https://github.com/ImageMagick/ImageMagick6/commit/00d80b8fe01ea6225e6579b543863cd384d9d69d Will submit for 15sp2,15,12,11/ImageMagick. Packages submitted. I believe all fixed. SUSE-SU-2021:0153-1: An update that fixes 34 vulnerabilities is now available. Category: security (moderate) Bug References: 1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): ImageMagick-7.0.7.34-10.9.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): ImageMagick-7.0.7.34-10.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:14598-1: An update that fixes 19 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179212,1179269,1179281,1179311,1179312,1179313,1179315,1179321,1179322,1179327,1179336,1179338,1179339,1179345,1179346,1179347,1179397 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25666,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27763,CVE-2020-27765,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27771,CVE-2020-27772,CVE-2020-27775 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): ImageMagick-6.4.3.6-78.135.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): ImageMagick-6.4.3.6-78.135.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.135.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): ImageMagick-6.4.3.6-78.135.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:0156-1: An update that fixes 35 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: SUSE Manager Server 4.0 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Manager Retail Branch Server 4.0 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Manager Proxy 4.0 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server for SAP 15 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server 15-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Enterprise Storage 6 (src): ImageMagick-7.0.7.34-3.90.1 SUSE CaaS Platform 4.0 (src): ImageMagick-7.0.7.34-3.90.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2021:0136-1: An update that fixes 35 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: openSUSE Leap 15.2 (src): ImageMagick-7.0.7.34-lp152.12.9.1 SUSE-SU-2021:0199-1: An update that fixes 32 vulnerabilities is now available. Category: security (important) Bug References: 1179103,1179202,1179208,1179212,1179223,1179240,1179244,1179260,1179268,1179269,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27757,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud Crowbar 8 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud 9 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud 8 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud 7 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Workstation Extension 12-SP5 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP5 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): ImageMagick-6.8.8.1-71.154.1 SUSE Enterprise Storage 5 (src): ImageMagick-6.8.8.1-71.154.1 HPE Helion Openstack 8 (src): ImageMagick-6.8.8.1-71.154.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2021:0148-1: An update that fixes 35 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: openSUSE Leap 15.1 (src): ImageMagick-7.0.7.34-lp151.7.26.1 DONE |