[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1260-1 -- Suse ImageMagick

ID: oval:org.secpod.oval:def:400690Date: (C)2016-11-22   (M)2017-12-10
Class: PATCHFamily: unix




This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" - CVE-2016-3714: Insufficient shell characters filtering leads to code execution - CVE-2016-3715: Possible file deletion by using ImageMagick"s "ephemeral" pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick"s "msl" pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick"s "label" pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
ImageMagick
Reference:
SUSE-SU-2016:1260-1
CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718
CVE    5
CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
...
CPE    6
cpe:/o:suse:suse_linux_enterprise_server:12
cpe:/o:suse:suse_linux_enterprise_desktop:12
cpe:/a:imagemagick:imagemagick
cpe:/a:imagemagick:imagemagick:6.9.3-9
...

© 2013 SecPod Technologies