SUSE-SU-2016:1260-1 -- Suse ImageMagickID: oval:org.secpod.oval:def:400690 | Date: (C)2016-11-22 (M)2023-02-20 |
Class: PATCH | Family: unix |
This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" - CVE-2016-3714: Insufficient shell characters filtering leads to code execution - CVE-2016-3715: Possible file deletion by using ImageMagick"s "ephemeral" pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick"s "msl" pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick"s "label" pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader
Platform: |
SUSE Linux Enterprise Server 12 SP1 |
SUSE Linux Enterprise Desktop 12 SP1 |
SUSE Linux Enterprise Desktop 12 |
SUSE Linux Enterprise Server 12 |