openSUSE Security Update: Security update for php7-imagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0014-1
Rating: moderate
References: #1135418
Cross-References: CVE-2019-11037
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for php7-imagick fixes the following issues:
Upgrade to version 3.4.4:
Added:
* function Imagick::optimizeImageTransparency()
* METRIC_STRUCTURAL_SIMILARITY_ERROR
* METRIC_STRUCTURAL_DISSIMILARITY_ERROR
* COMPRESSION_ZSTD – https://github.com/facebook/zstd
* COMPRESSION_WEBP
* CHANNEL_COMPOSITE_MASK
* FILTER_CUBIC_SPLINE – “Define the lobes with the -define
filter:lobes={2,3,4} (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506).”
* Imagick now explicitly conflicts with the Gmagick extension.
Fixes:
* Correct version check to make RemoveAlphaChannel and
FlattenAlphaChannel be available when using Imagick with ImageMagick
version 6.7.8-x
* Bug 77128 – Imagick::setImageInterpolateMethod() not available on
Windows
* Prevent memory leak when ImagickPixel::__construct called after object
instantiation.
* Prevent segfault when ImagickPixel internal constructor not called.
* Imagick::setResourceLimit support for values larger than 2GB (2^31) on
32bit platforms.
* Corrected memory overwrite in Imagick::colorDecisionListImage()
* Bug 77791 – ImagickKernel::fromMatrix() out of bounds write. Fixes
CVE-2019-11037, boo#1135418
The following functions have been deprecated:
* ImagickDraw, matte
* Imagick::averageimages
* Imagick::colorfloodfillimage
* Imagick::filter
* Imagick::flattenimages
* Imagick::getimageattribute
* Imagick::getimagechannelextrema
* Imagick::getimageclipmask
* Imagick::getimageextrema
* Imagick::getimageindex
* Imagick::getimagematte
* Imagick::getimagemattecolor
* Imagick::getimagesize
* Imagick::mapimage
* Imagick::mattefloodfillimage
* Imagick::medianfilterimage
* Imagick::mosaicimages
* Imagick::orderedposterizeimage
* Imagick::paintfloodfillimage
* Imagick::paintopaqueimage
* Imagick::painttransparentimage
* Imagick::radialblurimage
* Imagick::recolorimage
* Imagick::reducenoiseimage
* Imagick::roundcornersimage
* Imagick::roundcorners
* Imagick::setimageattribute
* Imagick::setimagebias
* Imagick::setimageclipmask
* Imagick::setimageindex
* Imagick::setimagemattecolor
* Imagick::setimagebiasquantum
* Imagick::setimageopacity
* Imagick::transformimage
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-14=1
– openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-14=1
– SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2020-14=1
Package List:
– openSUSE Leap 15.1 (x86_64):
php7-imagick-3.4.4-lp151.8.3.1
php7-imagick-debuginfo-3.4.4-lp151.8.3.1
php7-imagick-debugsource-3.4.4-lp151.8.3.1
– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
php7-imagick-3.4.4-bp151.2.3.1
– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
php7-imagick-3.4.4-5.1
References:
https://www.suse.com/security/cve/CVE-2019-11037.html
https://bugzilla.suse.com/1135418
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
openSUSE Security Update: Security update for php7-imagick
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0014-1
Rating: moderate
References: #1135418
Cross-References: CVE-2019-11037
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for php7-imagick fixes the following issues:
Upgrade to version 3.4.4:
Added:
* function Imagick::optimizeImageTransparency()
* METRIC_STRUCTURAL_SIMILARITY_ERROR
* METRIC_STRUCTURAL_DISSIMILARITY_ERROR
* COMPRESSION_ZSTD – https://github.com/facebook/zstd
* COMPRESSION_WEBP
* CHANNEL_COMPOSITE_MASK
* FILTER_CUBIC_SPLINE – “Define the lobes with the -define
filter:lobes={2,3,4} (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506).”
* Imagick now explicitly conflicts with the Gmagick extension.
Fixes:
* Correct version check to make RemoveAlphaChannel and
FlattenAlphaChannel be available when using Imagick with ImageMagick
version 6.7.8-x
* Bug 77128 – Imagick::setImageInterpolateMethod() not available on
Windows
* Prevent memory leak when ImagickPixel::__construct called after object
instantiation.
* Prevent segfault when ImagickPixel internal constructor not called.
* Imagick::setResourceLimit support for values larger than 2GB (2^31) on
32bit platforms.
* Corrected memory overwrite in Imagick::colorDecisionListImage()
* Bug 77791 – ImagickKernel::fromMatrix() out of bounds write. Fixes
CVE-2019-11037, boo#1135418
The following functions have been deprecated:
* ImagickDraw, matte
* Imagick::averageimages
* Imagick::colorfloodfillimage
* Imagick::filter
* Imagick::flattenimages
* Imagick::getimageattribute
* Imagick::getimagechannelextrema
* Imagick::getimageclipmask
* Imagick::getimageextrema
* Imagick::getimageindex
* Imagick::getimagematte
* Imagick::getimagemattecolor
* Imagick::getimagesize
* Imagick::mapimage
* Imagick::mattefloodfillimage
* Imagick::medianfilterimage
* Imagick::mosaicimages
* Imagick::orderedposterizeimage
* Imagick::paintfloodfillimage
* Imagick::paintopaqueimage
* Imagick::painttransparentimage
* Imagick::radialblurimage
* Imagick::recolorimage
* Imagick::reducenoiseimage
* Imagick::roundcornersimage
* Imagick::roundcorners
* Imagick::setimageattribute
* Imagick::setimagebias
* Imagick::setimageclipmask
* Imagick::setimageindex
* Imagick::setimagemattecolor
* Imagick::setimagebiasquantum
* Imagick::setimageopacity
* Imagick::transformimage
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-14=1
– openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-14=1
Package List:
– openSUSE Leap 15.1 (x86_64):
php7-imagick-3.4.4-lp151.8.3.1
php7-imagick-debuginfo-3.4.4-lp151.8.3.1
php7-imagick-debugsource-3.4.4-lp151.8.3.1
– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
php7-imagick-3.4.4-bp151.2.3.1
References:
https://www.suse.com/security/cve/CVE-2019-11037.html
https://bugzilla.suse.com/1135418
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
