Lucene search

HistoryNov 20, 2018 - 12:00 a.m.

SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3808-1)

2018-11-2000:00:00

www.tenable.com

This update for ImageMagick fixes the following issues :

CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399)

CVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609)

CVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129)

CVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3808-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(119041);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-11532", "CVE-2017-11639", "CVE-2017-14997", "CVE-2018-16644");

  script_name(english:"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3808-1)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for ImageMagick fixes the following issues :

CVE-2017-14997: ImageMagick allowed remote attackers to cause a denial
of service (excessive memory allocation) because of an integer
underflow in ReadPICTImage in coders/pict.c. (bsc#1112399)

CVE-2018-16644: A regression in the security fix for the pict coder
was fixed (bsc#1107609)

CVE-2017-11532: When ImageMagick processed a crafted file in convert,
it could lead to a Memory Leak in the WriteMPCImage() function in
coders/mpc.c. (bsc#1050129)

CVE-2017-11639: A regression in the security fix in the cip coder was
fixed (bsc#1050635)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050129"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107609"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-11532/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-11639/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-14997/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16644/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20183808-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?47d2c374"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-ImageMagick-13868=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-ImageMagick-13868=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-ImageMagick-13868=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libMagickCore1-32bit-6.4.3.6-78.79.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libMagickCore1-32bit-6.4.3.6-78.79.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libMagickCore1-6.4.3.6-78.79.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}

VendorProductVersionCPE
novellsuse_linuxlibmagickcore1p-cpe:/a:novell:suse_linux:libmagickcore1
novellsuse_linux11cpe:/o:novell:suse_linux:11

Vendor	Product	Version	CPE
novell	suse_linux	libmagickcore1	p-cpe:/a:novell:suse_linux:libmagickcore1
novell	suse_linux	11	cpe:/o:novell:suse_linux:11

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11532

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11639

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14997

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16644

www.nessus.org/u?47d2c374

bugzilla.suse.com/show_bug.cgi?id=1050129

bugzilla.suse.com/show_bug.cgi?id=1050635

bugzilla.suse.com/show_bug.cgi?id=1107609

bugzilla.suse.com/show_bug.cgi?id=1112399

www.suse.com/security/cve/CVE-2017-11532/

www.suse.com/security/cve/CVE-2017-11639/

www.suse.com/security/cve/CVE-2017-14997/

www.suse.com/security/cve/CVE-2018-16644/

JSON

Related for SUSE_SU-2018-3808-1.NASL