Branch sisyphus update bulletin.

Package ImageMagick updated to version 6.9.4.10-alt1 for branch sisyphus in task 166648.

Published: 2017-03-23

BDU:2017-00704

Уязвимость консольного графического редактора ImageMagick и операционной системы OpenSUSE Leap, позволяющая нарушителю загружать произвольные модули

Severity: MEDIUM (5.0)

References:

Published: 2017-03-23
Modified: 2024-11-21

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2017-03-03
Modified: 2024-11-21

CVE-2016-10061

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-5842

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-04-20
Modified: 2024-11-21

CVE-2016-7540

coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package attr updated to version 2.4.47.0.44.315a-alt1 for branch sisyphus in task 166649.

getfattr Segmentation fault on x86_64

Version: 2.1.0

Branch sisyphus update on 2016-07-05

ALT-BU-2016-2868-1

ALT-PU-2016-1708-1

Closed vulnerabilities

BDU:2017-00704

CVE-2016-10048

CVE-2016-10061

CVE-2016-5842

CVE-2016-7540

ALT-PU-2016-1709-1

Closed bugs

Bug #32244