Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-2667-1.NASL
HistoryOct 31, 2016 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2667-1)

2016-10-3100:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact.

  • CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)

  • CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)

  • CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)

  • CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328)

  • CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)

  • CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)

  • CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)

  • CVE-2016-7540: writing to RGF format aborts (bsc#1000394)

  • CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715)

  • CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712)

  • CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)

  • CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)

  • CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708)

  • CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)

  • CVE-2016-7532: fix handling of corrupted psd file (bsc#1000706)

  • CVE-2016-7531: Pbd file out of bound access (bsc#1000704)

  • CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)

  • CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399)

  • CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434)

  • CVE-2016-7527: Out-of-bound access in wpg file coder:
    (bsc#1000436)

  • CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702)

  • CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)

  • CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)

  • CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)

  • CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)

  • CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697)

  • CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696)

  • CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)

  • CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694)

  • CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)

  • CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692)

  • CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)

  • CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)

  • CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686)

  • CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)

  • CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)

  • CVE-2015-8959: dOS due to corrupted DDS files (bsc#1000713)

  • CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)

  • CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)

  • CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)

  • Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)

  • Divide by zero in WriteTIFFImage (bsc#1002206)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2667-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94433);
  script_version("2.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540", "CVE-2016-7799", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8677", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2667-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for ImageMagick fixes the following issues: These
vulnerabilities could be triggered by processing specially crafted
image files, which could lead to a process crash or resource
consumtion, or potentially have unspecified futher impact.

  - CVE-2016-8684: Mismatch between real filesize and header
    values (bsc#1005123)

  - CVE-2016-8683: Check that filesize is reasonable
    compared to the header value (bsc#1005127)

  - CVE-2016-8682: Stack-buffer read overflow while reading
    SCT header (bsc#1005125)

  - CVE-2016-8677: Memory allocation failure in
    AcquireQuantumPixels (bsc#1005328)

  - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues
    (bsc#1003629)

  - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to
    heap overflow (bsc#1002422)

  - CVE-2016-7799: mogrify global buffer overflow
    (bsc#1002421)

  - CVE-2016-7540: writing to RGF format aborts
    (bsc#1000394)

  - CVE-2016-7539: Potential DOS by not releasing memory
    (bsc#1000715)

  - CVE-2016-7538: SIGABRT for corrupted pdb file
    (bsc#1000712)

  - CVE-2016-7537: Out of bound access for corrupted pdb
    file (bsc#1000711)

  - CVE-2016-7535: Out of bound access for corrupted psd
    file (bsc#1000709)

  - CVE-2016-7534: Out of bound access in generic decoder
    (bsc#1000708)

  - CVE-2016-7533: Wpg file out of bound for corrupted file
    (bsc#1000707)

  - CVE-2016-7532: fix handling of corrupted psd file
    (bsc#1000706)

  - CVE-2016-7531: Pbd file out of bound access
    (bsc#1000704)

  - CVE-2016-7530: Out of bound in quantum handling
    (bsc#1000703)

  - CVE-2016-7529: Out-of-bound in quantum handling
    (bsc#1000399)

  - CVE-2016-7528: Out-of-bound access in xcf file coder
    (bsc#1000434)

  - CVE-2016-7527: Out-of-bound access in wpg file coder:
    (bsc#1000436)

  - CVE-2016-7526: out-of-bounds write in
    ./MagickCore/pixel-accessor.h (bsc#1000702)

  - CVE-2016-7525: Heap buffer overflow in psd file coder
    (bsc#1000701)

  - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow
    READ of size 1 in meta.c:465 (bsc#1000700)

  - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow
    READ of size 1 meta.c:496 (bsc#1000699)

  - CVE-2016-7522: Out of bound access for malformed psd
    file (bsc#1000698)

  - CVE-2016-7521: Heap buffer overflow in psd file handling
    (bsc#1000697)

  - CVE-2016-7520: Heap overflow in hdr file handling
    (bsc#1000696)

  - CVE-2016-7519: Out-of-bounds read in coders/rle.c
    (bsc#1000695)

  - CVE-2016-7518: Out-of-bounds read in coders/sun.c
    (bsc#1000694)

  - CVE-2016-7517: Out-of-bounds read in coders/pict.c
    (bsc#1000693)

  - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff
    and sun files (bsc#1000692)

  - CVE-2016-7515: Rle file handling for corrupted file
    (bsc#1000689)

  - CVE-2016-7514: Out-of-bounds read in coders/psd.c
    (bsc#1000688)

  - CVE-2016-7513: Off-by-one error leading to segfault
    (bsc#1000686)

  - CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds
    Read Vulnerability (bsc#1001221)

  - CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds
    Write Vulnerability (bsc#1001066)

  - CVE-2015-8959: dOS due to corrupted DDS files
    (bsc#1000713)

  - CVE-2015-8958: Potential DOS in sun file handling due to
    malformed files (bsc#1000691)

  - CVE-2015-8957: Buffer overflow in sun file handling
    (bsc#1000690)

  - CVE-2014-9907: DOS due to corrupted DDS files
    (bsc#1000714)

  - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders
    (bsc#1002209)

  - Divide by zero in WriteTIFFImage (bsc#1002206)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000436"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000686"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000688"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000689"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000691"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000694"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000697"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000698"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000700"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000701"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000702"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000703"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000704"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000706"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000707"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000708"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000713"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1000715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1001066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1001221"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002209"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002421"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1002422"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1003629"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005123"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005125"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005127"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005328"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9907/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8957/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8958/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8959/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-6823/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7101/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7513/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7514/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7515/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7516/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7517/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7518/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7519/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7520/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7521/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7522/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7523/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7524/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7525/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7526/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7527/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7528/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7529/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7530/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7531/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7532/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7533/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7534/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7535/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7537/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7538/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7539/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7540/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7799/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7800/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7996/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7997/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-8677/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-8682/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-8683/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-8684/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20162667-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1aea0f46"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch
SUSE-SLE-WE-12-SP1-2016-1572=1

SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2016-1572=1

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2016-1572=1

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP1-2016-1572=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"ImageMagick-debuginfo-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"ImageMagick-debugsource-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libMagickCore-6_Q16-1-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libMagickWand-6_Q16-1-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ImageMagick-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ImageMagick-debuginfo-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ImageMagick-debugsource-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagick++-6_Q16-3-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-6.8.8.1-40.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}
VendorProductVersionCPE
novellsuse_linuximagemagick-debuginfop-cpe:/a:novell:suse_linux:imagemagick-debuginfo
novellsuse_linuximagemagick-debugsourcep-cpe:/a:novell:suse_linux:imagemagick-debugsource
novellsuse_linuxlibmagick%2b%2b-6_q16p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16
novellsuse_linuxlibmagick%2b%2b-6_q16-3-debuginfop-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo
novellsuse_linuxlibmagickcore-6_q16p-cpe:/a:novell:suse_linux:libmagickcore-6_q16
novellsuse_linuxlibmagickcore-6_q16-1p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1
novellsuse_linuxlibmagickcore-6_q16-1-debuginfop-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo
novellsuse_linuxlibmagickwand-6_q16p-cpe:/a:novell:suse_linux:libmagickwand-6_q16
novellsuse_linuxlibmagickwand-6_q16-1-debuginfop-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo
novellsuse_linux12cpe:/o:novell:suse_linux:12
Rows per page:
1-10 of 111

References

Related

nessus 16
openvas 20
suse 2
fedora 2
osv 10
debian 6
amazon 1
mageia 3
ubuntu 1
veracode 21
debiancve 25
prion 30
cve 26
ubuntucve 30
alpinelinux 4
freebsd 1
redhatcve 1
nessus
nessus
openSUSE Security Update : ImageMagick (openSUSE-2016-1282)
2016-11-14 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2016-1242)
2016-10-31 00:00:00
SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2964-1)
2016-12-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2667-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2964-1)
2021-06-09 00:00:00
Fedora Update for GraphicsMagick FEDORA-2017-d2bab54ac9
2017-03-13 00:00:00
suse
suse
Security update for ImageMagick (important)
2016-12-01 18:07:53
Security update for GraphicsMagick (important)
2016-12-08 18:09:17
fedora
fedora
[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.25-6.fc25
2017-03-09 13:24:51
[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.25-6.fc24
2017-03-11 11:52:39
osv
osv
imagemagick - security update
2016-08-25 00:00:00
graphicsmagick - security update
2016-10-26 00:00:00
graphicsmagick - security update
2016-12-24 00:00:00
debian
debian
[SECURITY] [DLA 683-1] graphicsmagick security update
2016-10-26 22:34:15
[SECURITY] [DLA 731-1] imagemagick security update
2016-12-02 05:44:49
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
amazon
amazon
Medium: GraphicsMagick
2017-04-20 06:08:00
mageia
mageia
The updated packages fix a security vulnerability
2016-10-08 23:18:54
Updated graphicsmagick packages fix security vulnerability
2016-10-26 02:11:42
Updated graphicsmagick packages fix security vulnerabilities
2017-07-30 18:58:51
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2017-04-21 08:53:30
Denial Of Service (DoS)
2017-04-21 06:32:11
Denial Of Service (DoS)
2017-12-20 04:57:03
debiancve
debiancve
CVE-2016-7534
2017-04-20 18:59:00
CVE-2016-7997
2017-01-18 17:59:00
CVE-2016-7523
2020-02-06 14:15:00
prion
prion
Out-of-bounds
2017-04-20 18:59:00
Out-of-bounds
2020-02-06 14:15:00
Out-of-bounds
2017-04-20 18:59:00
cve
cve
CVE-2016-7535
2017-04-20 18:59:00
CVE-2016-7532
2017-04-20 18:59:00
CVE-2016-7534
2017-04-20 18:59:00
ubuntucve
ubuntucve
CVE-2016-7527
2016-08-25 00:00:00
CVE-2016-7523
2016-08-25 00:00:00
CVE-2016-7530
2016-08-25 00:00:00
alpinelinux
alpinelinux
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-7997
2017-01-18 17:59:00
CVE-2014-9907
2017-04-19 14:59:00
freebsd
freebsd
GraphicsMagick -- multiple vulnerabilities
2017-07-04 00:00:00
redhatcve
redhatcve
CVE-2016-6823
2016-09-27 08:17:25
JSON
Related for SUSE_SU-2016-2667-1.NASL
nessus16openvas20suse2fedora2osv10debian6amazon1mageia3ubuntu1veracode21debiancve25prion30cve26ubuntucve30alpinelinux4freebsd1redhatcve1