Mailinglist Archive: opensuse-security-announce (66 mails)

[security-announce] openSUSE-SU-2020:0014-1: moderate: Security update for php7-imagick
openSUSE Security Update: Security update for php7-imagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0014-1
Rating: moderate
References: #1135418
Cross-References: CVE-2019-11037
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php7-imagick fixes the following issues:

Upgrade to version 3.4.4:

Added:

* function Imagick::optimizeImageTransparency()
* METRIC_STRUCTURAL_SIMILARITY_ERROR
* METRIC_STRUCTURAL_DISSIMILARITY_ERROR
* COMPRESSION_ZSTD - https://github.com/facebook/zstd
* COMPRESSION_WEBP
* CHANNEL_COMPOSITE_MASK
* FILTER_CUBIC_SPLINE - "Define the lobes with the -define
filter:lobes={2,3,4} (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506)."
* Imagick now explicitly conflicts with the Gmagick extension.

Fixes:

* Correct version check to make RemoveAlphaChannel and
FlattenAlphaChannel be available when using Imagick with ImageMagick
version 6.7.8-x
* Bug 77128 - Imagick::setImageInterpolateMethod() not available on
Windows
* Prevent memory leak when ImagickPixel::__construct called after object
instantiation.
* Prevent segfault when ImagickPixel internal constructor not called.
* Imagick::setResourceLimit support for values larger than 2GB (2^31) on
32bit platforms.
* Corrected memory overwrite in Imagick::colorDecisionListImage()
* Bug 77791 - ImagickKernel::fromMatrix() out of bounds write. Fixes
CVE-2019-11037, boo#1135418

The following functions have been deprecated:

* ImagickDraw, matte
* Imagick::averageimages
* Imagick::colorfloodfillimage
* Imagick::filter
* Imagick::flattenimages
* Imagick::getimageattribute
* Imagick::getimagechannelextrema
* Imagick::getimageclipmask
* Imagick::getimageextrema
* Imagick::getimageindex
* Imagick::getimagematte
* Imagick::getimagemattecolor
* Imagick::getimagesize
* Imagick::mapimage
* Imagick::mattefloodfillimage
* Imagick::medianfilterimage
* Imagick::mosaicimages
* Imagick::orderedposterizeimage
* Imagick::paintfloodfillimage
* Imagick::paintopaqueimage
* Imagick::painttransparentimage
* Imagick::radialblurimage
* Imagick::recolorimage
* Imagick::reducenoiseimage
* Imagick::roundcornersimage
* Imagick::roundcorners
* Imagick::setimageattribute
* Imagick::setimagebias
* Imagick::setimageclipmask
* Imagick::setimageindex
* Imagick::setimagemattecolor
* Imagick::setimagebiasquantum
* Imagick::setimageopacity
* Imagick::transformimage


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-14=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-14=1



Package List:

- openSUSE Leap 15.1 (x86_64):

php7-imagick-3.4.4-lp151.8.3.1
php7-imagick-debuginfo-3.4.4-lp151.8.3.1
php7-imagick-debugsource-3.4.4-lp151.8.3.1

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

php7-imagick-3.4.4-bp151.2.3.1
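
A post-patch check, added here as an example (it is not part of the SUSE announcement): it compares an installed php7-imagick version-release against the fixed builds in the Package List above. The function names and the use of GNU "sort -V" as a stand-in for RPM's version comparison are assumptions.

```shell
#!/bin/sh
# Added example: confirm php7-imagick is at or above the fixed build.
# Fixed version-release strings are copied from the Package List above.
FIXED_LEAP="3.4.4-lp151.8.3.1"        # openSUSE Leap 15.1
FIXED_BACKPORTS="3.4.4-bp151.2.3.1"   # openSUSE Backports SLE-15-SP1

# version_ge A B: succeed when A >= B.
# Assumption: GNU "sort -V" ordering approximates RPM's comparison; it
# agrees for these dotted numeric strings but is not a full rpmvercmp.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_imagick INSTALLED: print a verdict. Returns 0 if the fix is
# present, 1 if it is missing, 2 if the release tag matches neither
# product named in the advisory.
check_imagick() {
    case "$1" in
        *-lp151.*) fixed=$FIXED_LEAP ;;
        *-bp151.*) fixed=$FIXED_BACKPORTS ;;
        *) echo "unknown build: $1"; return 2 ;;
    esac
    if version_ge "$1" "$fixed"; then
        echo "fix present: $1 >= $fixed"
    else
        echo "missing fix for CVE-2019-11037: $1 < $fixed"
        return 1
    fi
}

# On a real host, ask RPM for the installed build. Skipped when rpm or
# the package is absent.
if command -v rpm >/dev/null 2>&1; then
    if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' php7-imagick 2>/dev/null); then
        check_imagick "$installed" || true
    fi
fi
```

The numeric comparison matters for release tags: a later rebuild such as a constructed "3.4.4-lp151.8.10.1" sorts above the fixed build, which a plain string comparison would get wrong.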


References:

https://www.suse.com/security/cve/CVE-2019-11037.html
https://bugzilla.suse.com/1135418
