Bugzilla – Bug 903204
VUL-1: CVE-2014-8354: ImageMagick: out-of-bounds memory access in resize code
Last modified: 2014-12-15 10:15:07 UTC
CVE-2014-8354 ImageMagick 6.8.9-9 fixes an unspecified bug in image resize code. Upstream released version 6.8.9-9 which fixes it. Probably minor issue with low severity.
References:
https://bugs.gentoo.org/show_bug.cgi?id=527028
https://bugzilla.redhat.com/show_bug.cgi?id=1158518
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354
Fixed for factory.
Probably http://trac.imagemagick.org/changeset?reponame=&new=16765%40ImageMagick%2Ftrunk%2FMagickCore%2Fresize.c&old=15111%40ImageMagick%2Ftrunk%2FMagickCore%2Fresize.c
Hmm, redhat bug refers to http://trac.imagemagick.org/changeset/16436#file0
I need more information about what actually has to be fixed than 'an unspecified bug in image resize code'.
According to http://seclists.org/fulldisclosure/2014/Nov/1 http://trac.imagemagick.org/changeset/16765
All packages are submitted I believe.
openSUSE-SU-2014:1396-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 903204,903216,903638
CVE References: CVE-2014-8354,CVE-2014-8355,CVE-2014-8562
Sources used:
openSUSE 13.2 (src): ImageMagick-6.8.9.8-4.1
openSUSE 13.1 (src): ImageMagick-6.8.6.9-2.24.1
openSUSE 12.3 (src): ImageMagick-6.7.8.8-4.17.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-11-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59636
openSUSE: mr#261433 sle12: mr#46276 11: sr#46277 10sp3: sr#46279
SUSE-SU-2014:1595-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 903204,903216,903638,905260
CVE References: CVE-2014-8354,CVE-2014-8355,CVE-2014-8562,CVE-2014-8716
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src): ImageMagick-6.8.8.1-8.2
SUSE Linux Enterprise Software Development Kit 12 (src): ImageMagick-6.8.8.1-8.2
SUSE Linux Enterprise Server 12 (src): ImageMagick-6.8.8.1-8.2
SUSE Linux Enterprise Desktop 12 (src): ImageMagick-6.8.8.1-8.2
SUSE-SU-2014:1631-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 903204,903216,903638,905260
CVE References: CVE-2014-8354,CVE-2014-8355,CVE-2014-8562,CVE-2014-8716
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): ImageMagick-6.4.3.6-7.30.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): ImageMagick-6.4.3.6-7.30.1
SUSE Linux Enterprise Server 11 SP3 (src): ImageMagick-6.4.3.6-7.30.1
SUSE Linux Enterprise Desktop 11 SP3 (src): ImageMagick-6.4.3.6-7.30.1
released