[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1260-1 -- Suse ImageMagick

ID: oval:org.secpod.oval:def:400690Date: (C)2016-11-22   (M)2023-02-20
Class: PATCHFamily: unix




This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" - CVE-2016-3714: Insufficient shell characters filtering leads to code execution - CVE-2016-3715: Possible file deletion by using ImageMagick"s "ephemeral" pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick"s "msl" pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick"s "label" pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
ImageMagick
Reference:
SUSE-SU-2016:1260-1
CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718
CVE    5
CVE-2016-3714
CVE-2016-3716
CVE-2016-3717
CVE-2016-3715
...
CPE    8
cpe:/a:imagemagick:imagemagick:7.0.1-0
cpe:/a:imagemagick:imagemagick:7.0.0-0
cpe:/a:imagemagick:imagemagick:6.9.3-9
cpe:/a:imagemagick:imagemagick
...

© SecPod Technologies