This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-3348-1.NASLSUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3348-1)
This update for ImageMagick fixes the following security issue :
CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170).
CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283)
CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282)
CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989).
CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855)
CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616)
CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612)
CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609)
CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604)
CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069)
CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072)
CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747)
CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3348-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(118354);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-17934", "CVE-2018-16323", "CVE-2018-16413", "CVE-2018-16642", "CVE-2018-16643", "CVE-2018-16644", "CVE-2018-16645", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-17965", "CVE-2018-17966", "CVE-2018-18016", "CVE-2018-18024");
script_name(english:"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3348-1)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for ImageMagick fixes the following security issue :
CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and
ProcessMSLScript, and associated with mishandling of MSLPushImage
calls (bsc#1074170).
CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer
function (bsc#1108283)
CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that
allowed an attacker to cause a denial of service (WriteBlob assertion
failure and application exit) via a crafted file (bsc#1108282)
CVE-2018-16413: Prevent heap-based buffer over-read in the
PushShortPixel function leading to DoS (bsc#1106989).
CVE-2018-16323: ReadXBMImage left data uninitialized when processing
an XBM file that has a negative pixel value. If the affected code was
used as a library loaded into a process that includes sensitive
information, that information sometimes can be leaked via the image
data (bsc#1106855)
CVE-2018-16642: The function InsertRow allowed remote attackers to
cause a denial of service via a crafted image file due to an
out-of-bounds write (bsc#1107616)
CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage,
ReadCALSImage, and ReadPICTImage did check the return value of the
fputc function, which allowed remote attackers to cause a denial of
service via a crafted image file (bsc#1107612)
CVE-2018-16644: Added missing check for length in the functions
ReadDCMImage and ReadPICTImage, which allowed remote attackers to
cause a denial of service via a crafted image (bsc#1107609)
CVE-2018-16645: Prevent excessive memory allocation issue in the
functions ReadBMPImage and ReadDIBImage, which allowed remote
attackers to cause a denial of service via a crafted image file
(bsc#1107604)
CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of
the coders/bmp.c file. Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted bmp file
(bsc#1111069)
CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072)
CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747)
CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1074170"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1106855"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1106989"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1107604"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1107609"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1107612"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1107616"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1108282"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1108283"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1110746"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1110747"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1111069"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1111072"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-17934/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16323/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16413/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16642/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16643/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16644/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16645/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16749/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16750/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-17965/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-17966/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-18016/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-18024/"
);
# https://www.suse.com/support/update/announcement/2018/suse-su-20183348-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?a462b257"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-ImageMagick-13831=1
SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-ImageMagick-13831=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-ImageMagick-13831=1"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/27");
script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/24");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libMagickCore1-32bit-6.4.3.6-78.74.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libMagickCore1-32bit-6.4.3.6-78.74.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libMagickCore1-6.4.3.6-78.74.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libmagickcore1 | p-cpe:/a:novell:suse_linux:libmagickcore1 |
| novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18024
www.nessus.org/u?a462b257
bugzilla.suse.com/show_bug.cgi?id=1074170
bugzilla.suse.com/show_bug.cgi?id=1106855
bugzilla.suse.com/show_bug.cgi?id=1106989
bugzilla.suse.com/show_bug.cgi?id=1107604
bugzilla.suse.com/show_bug.cgi?id=1107609
bugzilla.suse.com/show_bug.cgi?id=1107612
bugzilla.suse.com/show_bug.cgi?id=1107616
bugzilla.suse.com/show_bug.cgi?id=1108282
bugzilla.suse.com/show_bug.cgi?id=1108283
bugzilla.suse.com/show_bug.cgi?id=1110746
bugzilla.suse.com/show_bug.cgi?id=1110747
bugzilla.suse.com/show_bug.cgi?id=1111069
bugzilla.suse.com/show_bug.cgi?id=1111072
www.suse.com/security/cve/CVE-2017-17934/
www.suse.com/security/cve/CVE-2018-16323/
www.suse.com/security/cve/CVE-2018-16413/
www.suse.com/security/cve/CVE-2018-16642/
www.suse.com/security/cve/CVE-2018-16643/
www.suse.com/security/cve/CVE-2018-16644/
www.suse.com/security/cve/CVE-2018-16645/
www.suse.com/security/cve/CVE-2018-16749/
www.suse.com/security/cve/CVE-2018-16750/
www.suse.com/security/cve/CVE-2018-17965/
www.suse.com/security/cve/CVE-2018-17966/
www.suse.com/security/cve/CVE-2018-18016/
www.suse.com/security/cve/CVE-2018-18024/
Related
