Bugzilla – Bug 1110747
VUL-1: CVE-2018-17965: ImageMagick: Memory leak vulnerability in WriteSGIImage
Last modified: 2018-11-20 07:46:23 UTC
CVE-2018-17965 ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. https://github.com/ImageMagick/ImageMagick/issues/1052 SLE 12 only References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17965 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17965.html
Even if there is a bit different code (iris_pixels), the CVE is applicable also for 11/*Magick.
Will submit for 12,11/ImageMagick and 11/GraphicsMagick.
Packages submitted. I believe all fixed.
SUSE-SU-2018:3191-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1098545,1098546,1110746,1110747,1111069,1111072 CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.82.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.82.1 SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.82.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.82.1
openSUSE-SU-2018:3225-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1098545,1098546,1110746,1110747,1111069,1111072 CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024 Sources used: openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-73.1
SUSE-SU-2018:3269-1: An update that fixes 12 vulnerabilities is now available. Category: security (low) Bug References: 1106855,1107604,1107609,1107612,1107616,1107619,1108282,1108283,1110746,1110747,1111069,1111072 CVE References: CVE-2018-16323,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024 Sources used: SUSE Studio Onsite 1.3 (src): GraphicsMagick-1.2.5-78.72.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): GraphicsMagick-1.2.5-78.72.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): GraphicsMagick-1.2.5-78.72.1
SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available. Category: security (moderate) Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072 CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ImageMagick-6.4.3.6-78.74.1 SUSE Linux Enterprise Server 11-SP4 (src): ImageMagick-6.4.3.6-78.74.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.74.1
released