Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2016-1512.NASL
HistoryDec 27, 2016 - 12:00 a.m.

openSUSE Security Update : ImageMagick (openSUSE-2016-1512)

2016-12-2700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

This security update for ImageMagick fixes the following issues :

  • a maliciously crafted compressed TIFF image could cause code remote code execution in the convert utility in particular circumstances (CVE-2016-8707, boo#1014159)

  • a memory allocation failure was fixed (CVE-2016-8866, boo#1009318, follow up on CVE-2016-8862)

  • the identify utility could crash on maliciously crafted images (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-1512.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(96133);
  script_version("3.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9556", "CVE-2016-9773");

  script_name(english:"openSUSE Security Update : ImageMagick (openSUSE-2016-1512)");
  script_summary(english:"Check for the openSUSE-2016-1512 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This security update for ImageMagick fixes the following issues :

  - a maliciously crafted compressed TIFF image could cause
    code remote code execution in the convert utility in
    particular circumstances (CVE-2016-8707, boo#1014159)

  - a memory allocation failure was fixed (CVE-2016-8866,
    boo#1009318, follow up on CVE-2016-8862)

  - the identify utility could crash on maliciously crafted
    images (CVE-2016-9773, boo#1013376, follow up on
    CVE-2016-9556)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1009318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1014159"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected ImageMagick packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"ImageMagick-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"ImageMagick-debuginfo-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"ImageMagick-debugsource-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"ImageMagick-devel-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"ImageMagick-extra-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"ImageMagick-extra-debuginfo-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagick++-6_Q16-5-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagick++-devel-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagickCore-6_Q16-2-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagickWand-6_Q16-2-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"perl-PerlMagick-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"perl-PerlMagick-debuginfo-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"ImageMagick-devel-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagick++-6_Q16-5-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagick++-devel-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc");
}
VendorProductVersionCPE
novellopensuseimagemagickp-cpe:/a:novell:opensuse:imagemagick
novellopensuseimagemagick-debuginfop-cpe:/a:novell:opensuse:imagemagick-debuginfo
novellopensuseimagemagick-debugsourcep-cpe:/a:novell:opensuse:imagemagick-debugsource
novellopensuseimagemagick-develp-cpe:/a:novell:opensuse:imagemagick-devel
novellopensuseimagemagick-devel-32bitp-cpe:/a:novell:opensuse:imagemagick-devel-32bit
novellopensuseimagemagick-extrap-cpe:/a:novell:opensuse:imagemagick-extra
novellopensuseimagemagick-extra-debuginfop-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo
novellopensuselibmagick%2b%2b-6_q16-5p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5
novellopensuselibmagick%2b%2b-6_q16-5-32bitp-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit
novellopensuselibmagick%2b%2b-6_q16-5-debuginfop-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo
Rows per page:
1-10 of 241

Related

suse 5
openvas 50
nessus 29
debian 2
ubuntucve 6
osv 8
cve 6
redhatcve 6
prion 6
debiancve 6
freebsd 1
veracode 3
cloudfoundry 2
ubuntu 2
checkpoint_advisories 1
seebug 1
myhack58 1
talos 1
mageia 1
fedora 25
suse
suse
Security update for ImageMagick (important)
2016-12-22 15:08:57
Security update for ImageMagick (important)
2016-12-23 16:09:35
Security update for ImageMagick (important)
2017-01-04 18:07:50
openvas
openvas
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:3233-1)
2016-12-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3258-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3256-1)
2021-06-09 00:00:00
nessus
nessus
Debian DLA-756-1 : imagemagick security update
2016-12-22 00:00:00
SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)
2016-12-27 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2017-14)
2017-01-05 00:00:00
debian
debian
[SECURITY] [DLA 756-1] imagemagick security update
2016-12-22 01:52:15
[SECURITY] [DSA 3799-1] imagemagick security update
2017-03-01 22:06:44
ubuntucve
ubuntucve
CVE-2016-9773
2017-02-17 00:00:00
CVE-2016-8862
2016-10-21 00:00:00
CVE-2016-8866
2017-02-15 00:00:00
osv
osv
CVE-2016-8866
2017-02-15 19:59:01
CVE-2016-9773
2017-02-17 02:59:14
CVE-2017-7275
2017-03-27 18:59:00
cve
cve
CVE-2016-9773
2017-02-17 02:59:00
CVE-2016-8866
2017-02-15 19:59:00
CVE-2017-7275
2017-03-27 18:59:00
redhatcve
redhatcve
CVE-2016-9773
2016-12-05 09:47:26
CVE-2016-8866
2016-10-26 08:51:29
CVE-2017-7275
2017-03-31 13:48:09
prion
prion
Heap overflow
2017-02-17 02:59:00
Memory corruption
2017-02-15 19:59:00
Design/Logic Flaw
2017-03-27 18:59:00
debiancve
debiancve
CVE-2016-9773
2017-02-17 02:59:00
CVE-2016-8866
2017-02-15 19:59:00
CVE-2017-7275
2017-03-27 18:59:00
freebsd
freebsd
ImageMagick7 -- multiple vulnerabilities
2016-09-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-06-11 08:24:11
Denial Of Service (DoS)
2017-03-24 06:28:58
Remote Code Execution (RCE)
2017-04-03 02:50:30
cloudfoundry
cloudfoundry
USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry
2016-12-27 00:00:00
USN-3222-1: ImageMagick vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-30 00:00:00
ImageMagick vulnerabilities
2017-03-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Imagemagick Compressed TIFF File Conversion Remote Code Execution (CVE-2016-8707)
2016-12-29 00:00:00
seebug
seebug
ImageMagick Convert Tiff Adobe Deflate 任意代码执行漏洞(CVE-2016-8707)
2016-12-08 00:00:00
myhack58
myhack58
ImageMagick compression of TIFF image remote code execution vulnerability, CVE-2016-8707-a vulnerability warning-the black bar safety net
2016-12-08 00:00:00
talos
talos
ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability
2016-12-03 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2018-05-12 09:28:12
fedora
fedora
[SECURITY] Fedora 26 Update: k3d-0.8.0.6-8.fc26
2017-09-19 03:27:27
[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1
2017-09-19 03:27:26
[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-4.fc26.2
2017-09-19 03:27:34
JSON
Related for OPENSUSE-2016-1512.NASL
suse5openvas50nessus29debian2ubuntucve6osv8cve6redhatcve6prion6debiancve6freebsd1veracode3cloudfoundry2ubuntu2checkpoint_advisories1seebug1myhack581talos1mageia1fedora25