Bug 1179333 (CVE-2020-27774)

Summary:	VUL-0: CVE-2020-27774: ImageMagick: integer overflow at MagickCore/statistic.c
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Alexandros Toptsoglou <atoptsoglou>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	smash_bz
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/272312/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-27774:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Alexandros Toptsoglou 2020-11-27 14:34:11 UTC

CVE-2020-27774

In ImageMagick, there is a shift exponent 65 is too large for 64-bit type 'ssize_t' at MagickCore/statistic.c.

Reference:
https://github.com/ImageMagick/ImageMagick/issues/1743

Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1898296
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27774

Comment 1 Alexandros Toptsoglou 2020-11-27 14:36:08 UTC

The POC is not available. The vulnerable code was not found in SLE11. Tracked as affected SLE12,SLE15 and SLE15-SP2.

Comment 2 Alexandros Toptsoglou 2020-11-30 08:00:55 UTC

The patch is the same as CVE-2020-27766 bsc#1179362

Comment 3 Alexandros Toptsoglou 2020-12-02 13:48:41 UTC

The fix is the same with CVE-2020-27766 bsc#1179361

Comment 4 Alexandros Toptsoglou 2020-12-02 13:49:43 UTC

(In reply to Alexandros Toptsoglou from comment #2)
> The patch is the same as CVE-2020-27766 bsc#1179362

correction CVE-2020-27776

Comment 5 Petr Gajdos 2020-12-04 08:48:21 UTC

ImageMagick6 commit
https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d

Comment 6 Petr Gajdos 2020-12-04 09:30:44 UTC

Will submit for 15sp2,15,12/ImageMagick.

Comment 7 Petr Gajdos 2020-12-04 13:46:53 UTC

See also bug 1179317 (CVE-2020-27764).

Comment 8 Petr Gajdos 2020-12-11 16:39:14 UTC

Packages submitted. I believe all fixed.

Comment 13 Swamp Workflow Management 2021-01-15 20:23:05 UTC

SUSE-SU-2021:0153-1: An update that fixes 34 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753
CVE References: CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    ImageMagick-7.0.7.34-10.9.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    ImageMagick-7.0.7.34-10.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2021-01-18 14:22:02 UTC

SUSE-SU-2021:0156-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753
CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Manager Retail Branch Server 4.0 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Manager Proxy 4.0 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Server for SAP 15 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Server 15-LTSS (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    ImageMagick-7.0.7.34-3.90.1
SUSE Enterprise Storage 6 (src):    ImageMagick-7.0.7.34-3.90.1
SUSE CaaS Platform 4.0 (src):    ImageMagick-7.0.7.34-3.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2021-01-22 14:17:27 UTC

openSUSE-SU-2021:0136-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753
CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    ImageMagick-7.0.7.34-lp152.12.9.1

Comment 16 Swamp Workflow Management 2021-01-22 17:23:57 UTC

SUSE-SU-2021:0199-1: An update that fixes 32 vulnerabilities is now available.

Category: security (important)
Bug References: 1179103,1179202,1179208,1179212,1179223,1179240,1179244,1179260,1179268,1179269,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397
CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27757,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE OpenStack Cloud Crowbar 8 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE OpenStack Cloud 9 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE OpenStack Cloud 8 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE OpenStack Cloud 7 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server 12-SP5 (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    ImageMagick-6.8.8.1-71.154.1
SUSE Enterprise Storage 5 (src):    ImageMagick-6.8.8.1-71.154.1
HPE Helion Openstack 8 (src):    ImageMagick-6.8.8.1-71.154.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2021-01-24 11:17:20 UTC

openSUSE-SU-2021:0148-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753
CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    ImageMagick-7.0.7.34-lp151.7.26.1

Comment 18 Alexandros Toptsoglou 2021-01-27 16:28:19 UTC

DONE