Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Windows on systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM). The vulnerability may result in the incomplete installation of OpenSSL updates, including security updates.
References: none
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) on Windows systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM)
BACKGROUND
Updates to HP System Management Homepage (SMH) on Windows systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM) may leave the previous OpenSSL software active in memory until the system is rebooted.
RESOLUTION
To avoid leaving potentially vulnerable OpenSSL software active in memory, always reboot a Windows system running SMH and VCA or VCRM immediately after installing an update to SMH.
PRODUCT SPECIFIC INFORMATION
HISTORY:
Version:1 (rev.1) - 12 September 2007 Initial Release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
{"id": "SECURITYVULNS:DOC:18008", "bulletinFamily": "software", "title": "[security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01164065\r\nVersion: 1\r\n\r\nHPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2007-09-10\r\nLast Updated: 2007-09-12\r\n\r\nPotential Security Impact: Incomplete update installation\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP System Management Homepage (SMH) for Windows on systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM). The vulnerability may result in the incomplete installation of OpenSSL updates, including security updates. \r\n\r\nReferences: none\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP System Management Homepage (SMH) on Windows systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM) \r\n\r\nBACKGROUND\r\n\r\nUpdates to HP System Management Homepage (SMH) on Windows systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM) may leave the previous OpenSSL software active in memory until the system is rebooted.\r\n\r\nRESOLUTION\r\nTo avoid leaving potentially vulnerable OpenSSL software active in memory, always reboot a Windows system running SMH and VCA or VCRM immediately after installing an update to SMH.\r\n\r\nPRODUCT SPECIFIC INFORMATION \r\n\r\nHISTORY: \r\nVersion:1 (rev.1) - 12 September 2007 Initial Release \r\n\r\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. \r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com \r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC \r\nOn the web page: ITRC security bulletins and patch sign-up \r\nUnder Step1: your ITRC security bulletins and patches \r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems \r\n -verify your operating system selections are checked and save.\r\n\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \r\nLog in on the web page: Subscriber's choice for Business: sign-in. \r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \r\n\r\n\r\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \r\n\r\nGN = HP General SW \r\nMA = HP Management Agents \r\nMI = Misc. 3rd Party SW \r\nMP = HP MPE/iX \r\nNS = HP NonStop Servers \r\nOV = HP OpenVMS \r\nPI = HP Printing & Imaging \r\nST = HP Storage SW \r\nTL = HP Trusted Linux \r\nTU = HP Tru64 UNIX \r\nUX = HP-UX \r\nVV = HP VirtualVault \r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.\r\n\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."\r\n\r\n\u00a9Copyright 2007 Hewlett-Packard Development Company, L.P. \r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.1\r\n\r\niQA/AwUBRup/h+AfOvwtKn1ZEQIG7wCfcV9y+JLy5Cn0x3mzlkzhg3+bzdQAnjGN\r\nlI8XfxkMzDH0Gw6Rcww4zxPm\r\n=Fdy/\r\n-----END PGP SIGNATURE-----", "published": "2007-09-17T00:00:00", "modified": "2007-09-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18008", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:23", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:10:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2017-18008", "CVE-2015-9286", "CVE-2018-18008", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150879"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843556"]}, {"type": "nessus", "idList": ["SUSE_SU-2018-0349-1.NASL", "UBUNTU_USN-3681-1.NASL", "OPENSUSE-2018-145.NASL"]}, {"type": "ubuntu", "idList": ["USN-3681-1"]}, {"type": "mskb", "idList": ["KB4074837", "KB4051956", "KB4012864", "KB4020322", "KB3203884", "KB4015193", "KB4049068"]}], "modified": "2018-08-31T11:10:23", "rev": 2}, "vulnersScore": 5.9}, "affectedSoftware": []}
{"cve": [{"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:33", "description": "spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-21T23:29:00", "title": "CVE-2018-18008", "type": "cve", "cwe": ["CWE-798"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18008"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:dlink:dwr-512_firmware:2.01", "cpe:/o:dlink:dir-140l_firmware:1.01ru", "cpe:/o:dlink:dwr-555_firmware:1.05", "cpe:/o:dlink:dwr-921_firmware:1.05", "cpe:/o:dlink:dwr-921_firmware:1.03", "cpe:/o:dlink:dir-640l_firmware:1.02", "cpe:/o:dlink:dir-640l_firmware:1.00", "cpe:/o:dlink:dwr-555_firmware:1.03", "cpe:/o:dlink:dwr-921_firmware:2.02", "cpe:/o:dlink:dsl-2770l_firmware:me_1.02", "cpe:/o:dlink:dir-640l_firmware:1.01ru", "cpe:/o:dlink:dsl-2770l_firmware:me_1.06", "cpe:/o:dlink:dir-140l_firmware:1.02", "cpe:/o:dlink:dwr-116_firmware:2.01", "cpe:/o:dlink:dir-140l_firmware:1.00", "cpe:/o:dlink:dwr-555_firmware:2.02", "cpe:/o:dlink:dwr-116_firmware:1.05", "cpe:/o:dlink:dwr-512_firmware:1.05", "cpe:/o:dlink:dwr-512_firmware:1.03", "cpe:/o:dlink:dwr-116_firmware:2.02", "cpe:/o:dlink:dwr-116_firmware:1.03", "cpe:/o:dlink:dwr-921_firmware:2.01", "cpe:/o:dlink:dwr-555_firmware:2.01", "cpe:/o:dlink:dsl-2770l_firmware:me_1.01", "cpe:/o:dlink:dwr-512_firmware:2.02"], "id": "CVE-2018-18008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18008", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:dlink:dwr-555_firmware:1.03:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dir-640l_firmware:1.00:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-116_firmware:1.05:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dir-140l_firmware:1.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-512_firmware:1.05:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-512_firmware:2.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dsl-2770l_firmware:me_1.06:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-921_firmware:1.03:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-921_firmware:2.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dir-140l_firmware:1.01ru:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dir-640l_firmware:1.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-116_firmware:2.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-555_firmware:2.01:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-116_firmware:1.03:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-921_firmware:2.01:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dsl-2770l_firmware:me_1.01:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dir-140l_firmware:1.00:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dsl-2770l_firmware:me_1.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-555_firmware:1.05:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-512_firmware:1.03:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-555_firmware:2.02:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-512_firmware:2.01:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-116_firmware:2.01:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dwr-921_firmware:1.05:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:dir-640l_firmware:1.01ru:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:41", "description": "In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-01T08:29:00", "title": "CVE-2017-18008", "type": "cve", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18008"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:imagemagick:imagemagick:7.0.7-17", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-18008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18008", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-17:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "packetstorm": [{"lastseen": "2018-12-25T18:50:53", "description": "", "published": "2018-12-22T00:00:00", "type": "packetstorm", "title": "D-Link DSL-2770L / DIR-140L / DIR-640L Credential Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-18008"], "modified": "2018-12-22T00:00:00", "id": "PACKETSTORM:150879", "href": "https://packetstormsecurity.com/files/150879/D-Link-DSL-2770L-DIR-140L-DIR-640L-Credential-Disclosure.html", "sourceData": "`[Vendor] \nus.dlink.com \n \n \n[Product] \nD-Link DSL-2770L (version ME_1.01, ME_1.02, AU_1.06) \nD-Link DIR-140L, DIR-640L (version 1.00, 1.01RU, 1.02) \nD-Link DWR-116, DWR-512, DWR-555, DWR-921 (version V1.03, V1.05, V2.01, V2.02) \n \n[Vulnerability Type] \nadmin credentials disclosure \n \n \n[Affected Component] \nWeb Interface \n \n \n[CVE Reference] \nCVE-2018-18008 \n \n \n[Security Issue] \nAn authenticated user can visit the page spaces.htm, for example, http://victime_ip/spaces.htm, and obtain clear text password of user admin at the line: \n \nxxx=\"__password__\"; \n \n[Network Access] \nRemote via Web Interface \n \n \n[Authentication] \nNot required \n \n \n[Disclosure Timeline] \n2018-06-17: Vendor Notification \n2018-06-19: Vendor acknowledgement \n2018-10-23: Request update \n2018-10-26: Vendor: \"I don't have an update currently, but fixes are under development.\" \n2018-12-07: Inform vendor of disclosure \n2018-12-17: Public Disclosure \n \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150879/dlinkdsldir-disclose.txt"}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:43", "bulletinFamily": "software", "cvelist": ["CVE-2017-13142", "CVE-2017-17680", "CVE-2017-17884", "CVE-2017-11533", "CVE-2017-14343", "CVE-2017-14531", "CVE-2017-15277", "CVE-2017-14175", "CVE-2017-12418", "CVE-2017-14060", "CVE-2017-11639", "CVE-2017-14224", "CVE-2017-14684", "CVE-2018-11251", "CVE-2017-13060", "CVE-2017-17887", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-17882", "CVE-2017-14325", "CVE-2017-1000445", "CVE-2018-11655", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-1000476", "CVE-2017-13143", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12587", "CVE-2017-11537", "CVE-2018-7443", "CVE-2017-18252", "CVE-2017-12691", "CVE-2017-12983", "CVE-2017-15015", "CVE-2018-9133", "CVE-2018-6405", "CVE-2017-12643", "CVE-2017-15032", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-14532", "CVE-2018-5357", "CVE-2017-14533", "CVE-2017-18251", "CVE-2017-15033", "CVE-2017-14172", "CVE-2018-10177", "CVE-2018-5248", "CVE-2017-15218", "CVE-2017-12877", "CVE-2017-15017", "CVE-2018-11625", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-18022", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-17681", "CVE-2018-10804", "CVE-2017-14326", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-17504", "CVE-2017-13131", "CVE-2018-5246", "CVE-2017-14173", "CVE-2017-13058", "CVE-2017-12644", "CVE-2017-18008", "CVE-2017-14607", "CVE-2017-17885", "CVE-2017-15217", "CVE-2017-13062", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-18029", "CVE-2017-14400", "CVE-2017-18271", "CVE-2018-10805", "CVE-2017-11352", "CVE-2017-14341", "CVE-2017-18028", "CVE-2017-12693", "CVE-2018-5247", "CVE-2017-12140", "CVE-2017-13059", "CVE-2017-12563", "CVE-2017-15281", "CVE-2018-11656", "CVE-2017-18273", "CVE-2017-10995", "CVE-2018-8804", "CVE-2017-12432", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-18027", "CVE-2017-13769", "CVE-2017-17934", "CVE-2017-18254", "CVE-2017-18209", "CVE-2017-17914", "CVE-2018-5358", "CVE-2017-12431", "CVE-2017-12670", "CVE-2017-17499", "CVE-2017-12875", "CVE-2018-8960", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-17881", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-11640", "CVE-2017-14249", "CVE-2017-11535", "CVE-2017-14174", "CVE-2017-12429", "CVE-2017-14342", "CVE-2017-17886", "CVE-2017-13145"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.216.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.216.0 or later.\n\n# References\n\n * [USN-3681-1](<https://usn.ubuntu.com/3681-1/>)\n * [CVE-2017-1000445](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000445>)\n * [CVE-2017-1000476](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000476>)\n * [CVE-2017-10995](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10995>)\n * [CVE-2017-11352](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11352>)\n * [CVE-2017-11533](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11533>)\n * [CVE-2017-11535](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11535>)\n * [CVE-2017-11537](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11537>)\n * [CVE-2017-11639](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11639>)\n * [CVE-2017-11640](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11640>)\n * [CVE-2017-12140](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12140>)\n * [CVE-2017-12418](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12418>)\n * [CVE-2017-12429](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12429>)\n * [CVE-2017-12430](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12430>)\n * [CVE-2017-12431](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12431>)\n * [CVE-2017-12432](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12432>)\n * [CVE-2017-12433](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12433>)\n * [CVE-2017-12435](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12435>)\n * [CVE-2017-12563](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12563>)\n * [CVE-2017-12587](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12587>)\n * [CVE-2017-12640](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12640>)\n * [CVE-2017-12643](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12643>)\n * [CVE-2017-12644](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12644>)\n * [CVE-2017-12670](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12670>)\n * [CVE-2017-12674](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12674>)\n * [CVE-2017-12691](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12691>)\n * [CVE-2017-12692](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12692>)\n * [CVE-2017-12693](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12693>)\n * [CVE-2017-12875](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12875>)\n * [CVE-2017-12877](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12877>)\n * [CVE-2017-12983](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12983>)\n * [CVE-2017-13058](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13058>)\n * [CVE-2017-13059](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13059>)\n * [CVE-2017-13060](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13060>)\n * [CVE-2017-13061](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13061>)\n * [CVE-2017-13062](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13062>)\n * [CVE-2017-13131](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13131>)\n * [CVE-2017-13134](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134>)\n * [CVE-2017-13139](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13139>)\n * [CVE-2017-13142](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13142>)\n * [CVE-2017-13143](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13143>)\n * [CVE-2017-13144](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13144>)\n * [CVE-2017-13145](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13145>)\n * [CVE-2017-13758](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13758>)\n * [CVE-2017-13768](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13768>)\n * [CVE-2017-13769](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13769>)\n * [CVE-2017-14060](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14060>)\n * [CVE-2017-14172](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14172>)\n * [CVE-2017-14173](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14173>)\n * [CVE-2017-14174](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14174>)\n * [CVE-2017-14175](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14175>)\n * [CVE-2017-14224](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14224>)\n * [CVE-2017-14249](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14249>)\n * [CVE-2017-14325](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14325>)\n * [CVE-2017-14326](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14326>)\n * [CVE-2017-14341](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14341>)\n * [CVE-2017-14342](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14342>)\n * [CVE-2017-14343](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14343>)\n * [CVE-2017-14400](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14400>)\n * [CVE-2017-14505](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14505>)\n * [CVE-2017-14531](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14531>)\n * [CVE-2017-14532](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14532>)\n * [CVE-2017-14533](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14533>)\n * [CVE-2017-14607](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14607>)\n * [CVE-2017-14624](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14624>)\n * [CVE-2017-14625](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14625>)\n * [CVE-2017-14626](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14626>)\n * [CVE-2017-14682](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14682>)\n * [CVE-2017-14684](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14684>)\n * [CVE-2017-14739](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14739>)\n * [CVE-2017-14741](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14741>)\n * [CVE-2017-14989](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14989>)\n * [CVE-2017-15015](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15015>)\n * [CVE-2017-15016](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15016>)\n * [CVE-2017-15017](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15017>)\n * [CVE-2017-15032](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15032>)\n * [CVE-2017-15033](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15033>)\n * [CVE-2017-15217](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15217>)\n * [CVE-2017-15218](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15218>)\n * [CVE-2017-15277](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277>)\n * [CVE-2017-15281](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15281>)\n * [CVE-2017-16546](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16546>)\n * [CVE-2017-17499](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17499>)\n * [CVE-2017-17504](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17504>)\n * [CVE-2017-17680](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17680>)\n * [CVE-2017-17681](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17681>)\n * [CVE-2017-17682](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17682>)\n * [CVE-2017-17879](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17879>)\n * [CVE-2017-17881](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17881>)\n * [CVE-2017-17882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17882>)\n * [CVE-2017-17884](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17884>)\n * [CVE-2017-17885](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17885>)\n * [CVE-2017-17886](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17886>)\n * [CVE-2017-17887](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17887>)\n * [CVE-2017-17914](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17914>)\n * [CVE-2017-17934](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17934>)\n * [CVE-2017-18008](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18008>)\n * [CVE-2017-18022](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18022>)\n * [CVE-2017-18027](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18027>)\n * [CVE-2017-18028](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18028>)\n * [CVE-2017-18029](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18029>)\n * [CVE-2017-18209](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18209>)\n * [CVE-2017-18211](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18211>)\n * [CVE-2017-18251](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18251>)\n * [CVE-2017-18252](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18252>)\n * [CVE-2017-18254](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18254>)\n * [CVE-2017-18271](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18271>)\n * [CVE-2017-18273](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18273>)\n * [CVE-2018-10177](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10177>)\n * [CVE-2018-10804](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10804>)\n * [CVE-2018-10805](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10805>)\n * [CVE-2018-11251](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11251>)\n * [CVE-2018-11625](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11625>)\n * [CVE-2018-11655](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11655>)\n * [CVE-2018-11656](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11656>)\n * [CVE-2018-5246](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5246>)\n * [CVE-2018-5247](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5247>)\n * [CVE-2018-5248](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5248>)\n * [CVE-2018-5357](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5357>)\n * [CVE-2018-5358](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5358>)\n * [CVE-2018-6405](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6405>)\n * [CVE-2018-7443](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7443>)\n * [CVE-2018-8804](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8804>)\n * [CVE-2018-8960](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8960>)\n * [CVE-2018-9133](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9133>)\n", "edition": 5, "modified": "2018-06-14T00:00:00", "published": "2018-06-14T00:00:00", "id": "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "href": "https://www.cloudfoundry.org/blog/usn-3681-1/", "title": "USN-3681-1: ImageMagick vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-09-18T10:55:36", "description": "It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-13T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13142", "CVE-2017-17680", "CVE-2017-17884", "CVE-2017-11533", "CVE-2017-14343", "CVE-2017-14531", "CVE-2017-15277", "CVE-2017-14175", "CVE-2017-12418", "CVE-2017-14060", "CVE-2017-11639", "CVE-2017-14224", "CVE-2017-14684", "CVE-2018-11251", "CVE-2017-13060", "CVE-2017-17887", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-17882", "CVE-2017-14325", "CVE-2017-1000445", "CVE-2018-11655", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-1000476", "CVE-2017-13143", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12587", "CVE-2017-11537", "CVE-2018-7443", "CVE-2017-18252", "CVE-2017-12691", "CVE-2017-12983", "CVE-2017-15015", "CVE-2018-9133", "CVE-2018-6405", "CVE-2017-12643", "CVE-2017-15032", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-14532", "CVE-2018-5357", "CVE-2017-14533", "CVE-2017-18251", "CVE-2017-15033", "CVE-2017-14172", "CVE-2018-10177", "CVE-2018-5248", "CVE-2017-15218", "CVE-2017-12877", "CVE-2017-15017", "CVE-2018-11625", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-18022", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-17681", "CVE-2018-10804", "CVE-2017-14326", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-17504", "CVE-2017-13131", "CVE-2018-5246", "CVE-2017-14173", "CVE-2017-13058", "CVE-2017-12644", "CVE-2017-18008", "CVE-2017-14607", "CVE-2017-17885", "CVE-2017-15217", "CVE-2017-13062", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-18029", "CVE-2017-14400", "CVE-2017-18271", "CVE-2018-10805", "CVE-2017-11352", "CVE-2017-14341", "CVE-2017-18028", "CVE-2017-12693", "CVE-2018-5247", "CVE-2017-12140", "CVE-2017-13059", "CVE-2017-12563", "CVE-2017-15281", "CVE-2018-11656", "CVE-2017-18273", "CVE-2017-10995", "CVE-2018-8804", "CVE-2017-12432", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-18027", "CVE-2017-13769", "CVE-2017-17934", "CVE-2017-18254", "CVE-2017-18209", "CVE-2017-17914", "CVE-2018-5358", "CVE-2017-12431", "CVE-2017-12670", "CVE-2017-17499", "CVE-2017-12875", "CVE-2018-8960", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-17881", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-11640", "CVE-2017-14249", "CVE-2017-11535", "CVE-2017-14174", "CVE-2017-12429", "CVE-2017-14342", "CVE-2017-17886", "CVE-2017-13145"], "modified": "2018-06-13T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:libmagick++5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3681-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110516);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\", \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\", \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\", \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\", \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\", \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\", \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\", \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\", \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\", \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\", \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\", \"CVE-2018-6405\", \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_xref(name:\"USN\", value:\"3681-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3681-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:35:30", "description": "This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function\n ReadPSDChannelZip in coders/psd.c, which allowed\n attackers to cause a denial of service (CPU exhaustion)\n via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage\n which allowed attackers to cause a denial of service via\n a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c\n (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function\n WriteOneJNGImage in coders/png.c, which allowed\n attackers to cause a denial of service (WriteJNGImage\n memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-08T00:00:00", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-145)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13142", "CVE-2017-17884", "CVE-2017-11639", "CVE-2017-13147", "CVE-2017-12640", "CVE-2017-12673", "CVE-2017-12676", "CVE-2017-11525", "CVE-2017-12643", "CVE-2017-15218", "CVE-2017-9261", "CVE-2017-11505", "CVE-2017-17879", "CVE-2017-17681", "CVE-2017-12641", "CVE-2017-17504", "CVE-2018-5246", "CVE-2017-9262", "CVE-2017-18008", "CVE-2017-13141", "CVE-2017-18029", "CVE-2017-11750", "CVE-2017-13059", "CVE-2017-12671", "CVE-2017-12565", "CVE-2017-10995", "CVE-2017-11526", "CVE-2017-18027", "CVE-2017-17914", "CVE-2017-12935", "CVE-2018-5685", "CVE-2017-11539", "CVE-2017-14103", "CVE-2017-14649"], "modified": "2018-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3", "p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libMagick++-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:libMagick++-devel"], "id": "OPENSUSE-2018-145.NASL", "href": "https://www.tenable.com/plugins/nessus/106668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-145.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106668);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11505\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11750\", \"CVE-2017-12565\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12643\", \"CVE-2017-12671\", \"CVE-2017-12673\", \"CVE-2017-12676\", \"CVE-2017-12935\", \"CVE-2017-13059\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13147\", \"CVE-2017-14103\", \"CVE-2017-14649\", \"CVE-2017-15218\", \"CVE-2017-17504\", \"CVE-2017-17681\", \"CVE-2017-17879\", \"CVE-2017-17884\", \"CVE-2017-17914\", \"CVE-2017-18008\", \"CVE-2017-18027\", \"CVE-2017-18029\", \"CVE-2017-9261\", \"CVE-2017-9262\", \"CVE-2018-5246\", \"CVE-2018-5685\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-145)\");\n script_summary(english:\"Check for the openSUSE-2018-145 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function\n ReadPSDChannelZip in coders/psd.c, which allowed\n attackers to cause a denial of service (CPU exhaustion)\n via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage\n which allowed attackers to cause a denial of service via\n a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c\n (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function\n WriteOneJNGImage in coders/png.c, which allowed\n attackers to cause a denial of service (WriteJNGImage\n memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-52.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T06:52:27", "description": "This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function\n ReadPSDChannelZip in coders/psd.c, which allowed\n attackers to cause a denial of service (CPU exhaustion)\n via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage\n which allowed attackers to cause a denial of service via\n a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c\n (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function\n WriteOneJNGImage in coders/png.c, which allowed\n attackers to cause a denial of service (WriteJNGImage\n memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-05T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0349-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13142", "CVE-2017-17884", "CVE-2017-11639", "CVE-2017-13147", "CVE-2017-12640", "CVE-2017-12673", "CVE-2017-12676", "CVE-2017-11525", "CVE-2017-12643", "CVE-2017-15218", "CVE-2017-9261", "CVE-2017-11505", "CVE-2017-17879", "CVE-2017-17681", "CVE-2017-12641", "CVE-2017-17504", "CVE-2018-5246", "CVE-2017-9262", "CVE-2017-18008", "CVE-2017-13141", "CVE-2017-18029", "CVE-2017-11750", "CVE-2017-13059", "CVE-2017-12671", "CVE-2017-12565", "CVE-2017-10995", "CVE-2017-11526", "CVE-2017-18027", "CVE-2017-17914", "CVE-2017-12935", "CVE-2018-5685", "CVE-2017-11539", "CVE-2017-14103", "CVE-2017-14649"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:libMagick++-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo"], "id": "SUSE_SU-2018-0349-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0349-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106602);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11505\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11750\", \"CVE-2017-12565\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12643\", \"CVE-2017-12671\", \"CVE-2017-12673\", \"CVE-2017-12676\", \"CVE-2017-12935\", \"CVE-2017-13059\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13147\", \"CVE-2017-14103\", \"CVE-2017-14649\", \"CVE-2017-15218\", \"CVE-2017-17504\", \"CVE-2017-17681\", \"CVE-2017-17879\", \"CVE-2017-17884\", \"CVE-2017-17914\", \"CVE-2017-18008\", \"CVE-2017-18027\", \"CVE-2017-18029\", \"CVE-2017-9261\", \"CVE-2017-9262\", \"CVE-2018-5246\", \"CVE-2018-5685\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0349-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function\n ReadPSDChannelZip in coders/psd.c, which allowed\n attackers to cause a denial of service (CPU exhaustion)\n via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage\n which allowed attackers to cause a denial of service via\n a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c\n (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function\n WriteOneJNGImage in coders/png.c, which allowed\n attackers to cause a denial of service (WriteJNGImage\n memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11639/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11750/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12676/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13059/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14649/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15218/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17504/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17681/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18008/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18027/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18029/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5246/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180349-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e017fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-244=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13142", "CVE-2017-17680", "CVE-2017-17884", "CVE-2017-11533", "CVE-2017-14343", "CVE-2017-14531", "CVE-2017-15277", "CVE-2017-14175", "CVE-2017-12418", "CVE-2017-14060", "CVE-2017-11639", "CVE-2017-14224", "CVE-2017-14684", "CVE-2018-11251", "CVE-2017-13060", "CVE-2017-17887", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-17882", "CVE-2017-14325", "CVE-2017-1000445", "CVE-2018-11655", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-1000476", "CVE-2017-13143", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12587", "CVE-2017-11537", "CVE-2018-7443", "CVE-2017-18252", "CVE-2017-12691", "CVE-2017-12983", "CVE-2017-15015", "CVE-2018-9133", "CVE-2018-6405", "CVE-2017-12643", "CVE-2017-15032", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-14532", "CVE-2018-5357", "CVE-2017-14533", "CVE-2017-18251", "CVE-2017-15033", "CVE-2017-14172", "CVE-2018-10177", "CVE-2018-5248", "CVE-2017-15218", "CVE-2017-12877", "CVE-2017-15017", "CVE-2018-11625", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-18022", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-17681", "CVE-2018-10804", "CVE-2017-14326", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-17504", "CVE-2017-13131", "CVE-2018-5246", "CVE-2017-14173", "CVE-2017-13058", "CVE-2017-12644", "CVE-2017-18008", "CVE-2017-14607", "CVE-2017-17885", "CVE-2017-15217", "CVE-2017-13062", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-18029", "CVE-2017-14400", "CVE-2017-18271", "CVE-2018-10805", "CVE-2017-11352", "CVE-2017-14341", "CVE-2017-18028", "CVE-2017-12693", "CVE-2018-5247", "CVE-2017-12140", "CVE-2017-13059", "CVE-2017-12563", "CVE-2017-15281", "CVE-2018-11656", "CVE-2017-18273", "CVE-2017-10995", "CVE-2018-8804", "CVE-2017-12432", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-18027", "CVE-2017-13769", "CVE-2017-17934", "CVE-2017-18254", "CVE-2017-18209", "CVE-2017-17914", "CVE-2018-5358", "CVE-2017-12431", "CVE-2017-12670", "CVE-2017-17499", "CVE-2017-12875", "CVE-2018-8960", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-17881", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-11640", "CVE-2017-14249", "CVE-2017-11535", "CVE-2017-14174", "CVE-2017-12429", "CVE-2017-14342", "CVE-2017-17886", "CVE-2017-13145"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-06-13T00:00:00", "id": "OPENVAS:1361412562310843556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843556", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3681-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3681_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for imagemagick USN-3681-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843556\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 05:45:46 +0200 (Wed, 13 Jun 2018)\");\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2018-6405\",\n \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\",\n \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\",\n \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\",\n \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\",\n \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\",\n \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\",\n \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\",\n \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\",\n \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\",\n \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\",\n \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\",\n \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\",\n \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\",\n \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\",\n \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\",\n \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\",\n \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\",\n \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\",\n \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\",\n \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\",\n \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\",\n \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\",\n \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\",\n \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\",\n \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\",\n \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\",\n \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\",\n \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3681-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\nthe target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick incorrectly\nhandled certain malformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could exploit this to\ncause a denial of service or possibly execute code with the privileges of\nthe user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3681-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3681-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13142", "CVE-2017-17680", "CVE-2017-17884", "CVE-2017-11533", "CVE-2017-14343", "CVE-2017-14531", "CVE-2017-15277", "CVE-2017-14175", "CVE-2017-12418", "CVE-2017-14060", "CVE-2017-11639", "CVE-2017-14224", "CVE-2017-14684", "CVE-2018-11251", "CVE-2017-13060", "CVE-2017-17887", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-17882", "CVE-2017-14325", "CVE-2017-1000445", "CVE-2018-11655", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-1000476", "CVE-2017-13143", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12587", "CVE-2017-11537", "CVE-2018-7443", "CVE-2017-18252", "CVE-2017-12691", "CVE-2017-12983", "CVE-2017-15015", "CVE-2018-9133", "CVE-2018-6405", "CVE-2017-12643", "CVE-2017-15032", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-14532", "CVE-2018-5357", "CVE-2017-14533", "CVE-2017-18251", "CVE-2017-15033", "CVE-2017-14172", "CVE-2018-10177", "CVE-2018-5248", "CVE-2017-15218", "CVE-2017-12877", "CVE-2017-15017", "CVE-2018-11625", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-18022", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-17681", "CVE-2018-10804", "CVE-2017-14326", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-17504", "CVE-2017-13131", "CVE-2018-5246", "CVE-2017-14173", "CVE-2017-13058", "CVE-2017-12644", "CVE-2017-18008", "CVE-2017-14607", "CVE-2017-17885", "CVE-2017-15217", "CVE-2017-13062", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-18029", "CVE-2017-14400", "CVE-2017-18271", "CVE-2018-10805", "CVE-2017-11352", "CVE-2017-14341", "CVE-2017-18028", "CVE-2017-12693", "CVE-2018-5247", "CVE-2017-12140", "CVE-2017-13059", "CVE-2017-12563", "CVE-2017-15281", "CVE-2018-11656", "CVE-2017-18273", "CVE-2017-10995", "CVE-2018-8804", "CVE-2017-12432", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-18027", "CVE-2017-13769", "CVE-2017-17934", "CVE-2017-18254", "CVE-2017-18209", "CVE-2017-17914", "CVE-2018-5358", "CVE-2017-12431", "CVE-2017-12670", "CVE-2017-17499", "CVE-2017-12875", "CVE-2018-8960", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-17881", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-11640", "CVE-2017-14249", "CVE-2017-11535", "CVE-2017-14174", "CVE-2017-12429", "CVE-2017-14342", "CVE-2017-17886", "CVE-2017-13145"], "description": "It was discovered that ImageMagick incorrectly handled certain malformed \nimage files. If a user or automated system using ImageMagick were tricked \ninto opening a specially crafted image, an attacker could exploit this to \ncause a denial of service or possibly execute code with the privileges of \nthe user invoking the program.", "edition": 5, "modified": "2018-06-12T00:00:00", "published": "2018-06-12T00:00:00", "id": "USN-3681-1", "href": "https://ubuntu.com/security/notices/USN-3681-1", "title": "ImageMagick vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:51:57", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes an update that sets time zone and DST changes in Windows for Namibia and the Turks and Caicos Islands.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This article describes an update that makes time zone and daylight saving time (DST) changes in Windows for Namibia and the Turks and Caicos Islands. Before you install this update, see the <a bookmark-id=\"prerequisites\" href=\"#prerequisites\" managed-link=\"\" target=\"\">Prerequisites</a> section.<br/>\u00a0<p><span>This update applies to the following operating systems:</span><br/>\u00a0</p><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012</li><li>Windows Embedded 8</li><li>Windows Server 2008 R2 Service Pack 1 (SP1)</li><li>Windows 7 SP1</li><li>Windows Server 2008 Service Pack 2 (SP2)</li><li>Windows XP Embedded</li></ul><span class=\"text-base\"><br/>Note</span> To get the update for Windows 10 and Windows Server 2016, install the latest cumulative updates that are listed in the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history\" managed-link=\"\" target=\"_blank\">Windows 10 and Windows Server 2016\u00a0update history</a>\u00a0Knowledge Base article.<br/>\u00a0</div><h2>Changes by location</h2><h3>Namibia</h3><p><span>The Republic of Namibia permanently changed its time zone from UTC+01:00 to UTC+02:00 on September 3, 2017, at 02:00. DST was previously scheduled to end on April 1, 2018 at 02:00 hours.</span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Old time zone display name</strong></td><td><strong>New time zone display name</strong></td></tr><tr><td>Namibia Standard Time</td><td>(UTC+01:00) Windhoek</td><td>(UTC+02:00) Windhoek</td></tr></tbody></table></div><div>\u00a0</div><div>\u00a0</div><h3>Turks and Caicos Islands</h3><p><span>The Turks and Caicos Islands will switch from UTC-04:00 (all year) to UTC-05:00 on March 11, 2018, at 03:00 hours. This change includes starting a DST\u00a0observance\u00a0on the same schedule as the United States.</span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Old time zone display name</strong></td><td><strong>New time zone display name</strong></td></tr><tr><td>Turks and Caicos Standard Time</td><td>(UTC-04:00)\u00a0Turks and Caicos</td><td>(UTC-05:00)\u00a0Turks and Caicos</td></tr></tbody></table></div><div>\u00a0</div><h2>Update information</h2><div class=\"kb-resolution-section section\"><p>The update that is described in this article makes changes in the time zone and DST settings for Namibia and the Turks and Caicos Islands.</p><p>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:</p><div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div><div><br/>For more information about how to configure DST settings in Windows, see the following article in the Microsoft Knowledge Base:</div><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><div><span><br/><strong>Note</strong> When you apply this update, you may receive a message that resembles the following:\u00a0 </span><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span>Update cannot be installed as a newer or same time zone update has already been installed on the system.</span></p></div></div></div></div><span> </span><p><br/><span>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.</span></p><span> </span></div></div><h2>How to get this update</h2><h3>Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><div class=\"kb-resolution-section section\"><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:</div><div class=\"indent\"><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history\" managed-link=\"\" target=\"_blank\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history\" managed-link=\"\" target=\"_blank\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history\" managed-link=\"\" target=\"_blank\">Windows Server 2012 update history</a></div><p><br/>For more information about how to run Windows Update, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/3067639\" managed-link=\"\" target=\"_blank\">How to get an update through Windows Update</a>.</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4074837\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/>\u00a0</p><h3 class=\"sbody-h3\">Windows Server 2008 SP2</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4><p>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><div><span>To get the stand-alone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4074837\" id=\"kb-link-10\" target=\"\">Microsoft Update Catalog</a> website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.</span></div><div>\u00a0</div><div>\u00a0</div><h2></h2><h4>Prerequisites</h4><div>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows for Windows Server 2008</a>.<br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/>\u00a0<h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/>\u00a0<h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update.<br/>\u00a0</div><div>\u00a0</div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2018-02-21T17:58:58", "id": "KB4074837", "href": "https://support.microsoft.com/en-us/help/4074837/", "published": "2018-02-21T17:58:58", "title": "Time zone and DST changes in Windows for Namibia and Turks and Caicos", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-01T22:44:15", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes an update that sets time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This article describes an update that makes time zone and daylight saving time (DST) changes in Windows. Before you install this update, see the <a bookmark-id=\"prerequisites\" href=\"#prerequisites\" managed-link=\"\" target=\"\">Prerequisites</a> section.<br/>\u00a0<p><span>This update applies to the following operating systems:</span><br/>\u00a0</p><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012</li><li>Windows Embedded 8</li><li>Windows Server 2008 R2 Service Pack 1 (SP1)</li><li>Windows 7 SP1</li><li>Windows Server 2008 Service Pack 2 (SP2)</li><li>Windows XP Embedded</li></ul><span class=\"text-base\"><br/>Note</span> To get the update for Windows 10 and Windows Server 2016, install the latest cumulative updates that are listed in the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history\" managed-link=\"\" target=\"_blank\">Windows 10 and Windows Server 2016\u00a0update history page</a>.<br/>\u00a0</div><h2>Changes by location</h2><h3>Northern Cyprus</h3><p><span>Northern Cyprus set its\u00a0clocks back one\u00a0hour for daylight saving time (DST) on October 29, 2017, after making no DST changes for the past year. We recommend that all users change their time zone setting\u00a0from \"Istanbul\" to the new \"Athens, Bucharest\" entry.</span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Old time zone</strong></td><td><strong>New time zone</strong></td></tr><tr><td>GTB Standard Time</td><td>(UTC+03:00) Istanbul</td><td>(UTC+02:00) Athens, Bucharest</td></tr></tbody></table></div><h3><br/><br/>Sudan</h3><p><span>The Republic of Sudan switched from UTC+03:00 to UTC+02:00 on November 11, 2017. To accommodate this change, a new time zone was created. </span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>New time zone</strong></td></tr><tr><td>Sudan Standard Time</td><td>(UTC+02:00)\u00a0Khartoum</td></tr></tbody></table></div><h3><br/><br/>Tonga</h3><p><span>The Kingdom of Tonga\u00a0cancelled its DST observance this year. DST was previously scheduled to start on November 5, 2017.\u00a0<span>DST is no longer observed in Tonga. </span></span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Display name</strong></td><td><strong>Old DST start date</strong></td></tr><tr><td>Tonga Standard Time</td><td>(UTC+13:00),\u00a0Nuku'alofa Island</td><td>November 5, 2017</td></tr></tbody></table></div><p>\u00a0</p><h2>Update information</h2><div class=\"kb-resolution-section section\"><p>The update that is described in this article makes changes in the time zone setting\u00a0for The Republic of Sudan and in the DST settings for Northern Cyprus and the Kingdom of Tonga.</p><p>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:</p><div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div><div><br/>For more information about how DST changes may affect other Microsoft products, click the following article number to go to the article in the Microsoft Knowledge Base:</div><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><div><span class=\"text-base\"><br/>Note</span> When you apply this update, you may receive a message that resembles the following:\u00a0<div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Update cannot be installed as a newer or same time zone update has already been installed on the system.</p></div></div></div></div><p><br/>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.</p></div></div><div>\u00a0</div><h2>How to get this update</h2><h3>Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><div class=\"kb-resolution-section section\"><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:</div><div class=\"indent\"><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history\" managed-link=\"\" target=\"_blank\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history\" managed-link=\"\" target=\"_blank\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history\" managed-link=\"\" target=\"_blank\">Windows Server 2012 update history</a></div><p><br/>For more information about how to run Windows Update, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/3067639\" managed-link=\"\" target=\"_blank\">How to get an update through Windows Update</a>.</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4051956\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/>\u00a0</p><h3 class=\"sbody-h3\">Windows Server 2008 SP2</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4><p>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><div><span>To get the stand-alone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4051956\" id=\"kb-link-10\" target=\"\">Microsoft Update Catalog</a> website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.</span></div><h2></h2><h4>Prerequisites</h4><div>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows for Windows Server 2008</a>.<br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/>\u00a0<h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/>\u00a0<h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update.<br/>\u00a0</div><div>\u00a0</div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2017-12-12T18:01:47", "id": "KB4051956", "href": "https://support.microsoft.com/en-us/help/4051956/", "published": "2017-12-12T18:01:47", "title": "Time zone and DST changes in Windows for Northern Cyprus, Sudan, and Tonga", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-01T22:52:01", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes an update that sets time zone changes in Windows for Fiji.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This article describes an update that makes daylight saving time (DST) changes in Windows. Before you install this update, see the <a bookmark-id=\"prerequisites\" href=\"#prerequisites\" managed-link=\"\" target=\"\">Prerequisites</a> section.<br/>\u00a0<p><span>This update applies to the following operating systems:</span><br/>\u00a0</p><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012</li><li>Windows Embedded 8</li><li>Windows Server 2008 R2 Service Pack 1 (SP1)</li><li>Windows 7 SP1</li><li>Windows Server 2008 Service Pack 2 (SP2)</li><li>Windows XP Embedded</li></ul><span class=\"text-base\"><br/>Note</span> To get the update for Windows 10 and Windows Server 2016, install the latest cumulative updates that are listed in the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history\" managed-link=\"\" target=\"_blank\">Windows 10 \u00a0and Windows Server 2016\u00a0update history page</a>.<br/>\u00a0</div><h2>Changes by location</h2><h3>Fiji</h3><p><span>The Republic of the Fiji Islands ends its obervance of\u00a0daylight saving time (DST) in 2018 on January 14 instead of January 21. </span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Display name</strong></td><td><strong>Old DST end date</strong></td><td><strong><span>New DST end date</span></strong></td></tr><tr><td>Fiji Standard Time</td><td>(UTC+12:00), Fiji</td><td>January 21, 2018</td><td>January 14, 2018</td></tr></tbody></table></div><h3><br/><br/>Other data corrections</h3><p>In addition to the recently added and revised information, we have improved the historical data accuracy of the \u201cMorocco Standard Time\u201d time zone entry in Windows.<br/>\u00a0</p><h2>Update information</h2><div class=\"kb-resolution-section section\"><p>The update that is described in this article makes changes in the DST settings for Fiji.</p><p>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:</p><div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div><div><br/>For more information about how DST changes may affect other Microsoft products, click the following article number to go to the article in the Microsoft Knowledge Base:</div><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><div><span class=\"text-base\"><br/>Note</span> When you apply this update, you may receive a message that resembles the following:\u00a0<div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Update cannot be installed as a newer or same time zone update has already been installed on the system.</p></div></div></div></div><p><br/>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.</p></div></div><div>\u00a0</div><h2>How to get this update</h2><h3>Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><div class=\"kb-resolution-section section\"><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:</div><div class=\"indent\"><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history\" managed-link=\"\" target=\"_blank\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history\" managed-link=\"\" target=\"_blank\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history\" managed-link=\"\" target=\"_blank\">Windows Server 2012 update history</a></div><p><br/>For more information about how to run Windows Update, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/3067639\" managed-link=\"\" target=\"_blank\">How to get an update through Windows Update</a>.</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4049068\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/>\u00a0</p><h3 class=\"sbody-h3\">Windows Server 2008 SP2</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4><p>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><div><span>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4049068\" id=\"kb-link-10\" target=\"_self\">Microsoft Update Catalog</a> website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.</span></div><h2></h2><h4 class=\"sbody-h4\">Prerequisites</h4><div>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows for Windows Server 2008</a>.<br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/>\u00a0<h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/>\u00a0<h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update.<br/>\u00a0</div><div>\u00a0</div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2017-11-28T18:02:37", "id": "KB4049068", "href": "https://support.microsoft.com/en-us/help/4049068/", "published": "2017-11-28T18:02:37", "title": "Time zone changes in Windows for Fiji", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-01T22:40:38", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes a Windows update that makes DST changes for Northern Cypress, Mongolia, and the Russian Saratov region.</p><h2>Summary</h2><div><h4>Cyprus</h4><p>Northern Cyprus has stopped observing daylight saving time. This new policy went into effect on October 30, 2016. Going forward, the area will remain set at UTC+03:00.</p><p>\u00a0</p></div><div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Time zone key name</span></th><th class=\"sbody-th\"><span class=\"text-base\">Old time zone</span></th><th class=\"sbody-th\"><span class=\"text-base\">Time zone to use going forward</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Turkey Standard Time</td><td class=\"sbody-td\">(UTC+02:00) Athens, Bucharest</td><td>(UTC+03:00) Istanbul</td></tr></tbody></table><br/>\u00a0</div><div><h4>Saratov (Russia)</h4><p>The Russian government recently announced that the Saratov region time zone was moved from UTC+03:00 to UTC+04:00. This change went into effect at 02:00 on December 4, 2016.</p></div><div class=\"kb-summary-section section\"><div class=\"table-responsive\"><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Time zone key name</span></th><th class=\"sbody-th\"><span class=\"text-base\">Old time zone</span></th><th class=\"sbody-th\"><span class=\"text-base\">New time zone</span></th></tr><tr><td>Saratov Standard Time</td><td>(UTC+03:00) Moscow, St. Petersburg, Volgograd</td><td>(UTC+04:00) Saratov</td></tr></tbody></table><br/>\u00a0</div><div><h4>Tonga</h4><p>Tonga reintroduced DST observance last year, beginning at 02:00 on November 6, 2016. For this year, DST in Tonga ended at 03:00 on January 15, 2017.</p></div><table class=\"table\"><tbody><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Time zone key name</span></th><th class=\"sbody-th\"><span class=\"text-base\">DST display name</span></th><th class=\"sbody-th\"><span class=\"text-base\">DST start</span></th><th class=\"sbody-th\"><span class=\"text-base\">DST end</span></th></tr><tr><td>Tonga Standard Time</td><td>(UTC+14:00) Nuku'alofa Island</td><td>November 6, 2016, 02:00</td><td>January 15, 2017, 03:00</td></tr></tbody></table><p>Additionally, we are introducing a time zone,\u00a0<strong>(UTC+13:00) Coordinated Universal Time+13</strong>. This new time zone is for use by other small Pacific regions, such as the Phoenix Islands and Fakaofo Atoll.<br/>\u00a0</p><div><h4>Mongolia</h4><p>Mongolia is no longer observing DST going forward. DST in Mongolia was previously scheduled to begin on March 25, 2017.<br/>\u00a0</p></div><div><h4>Affected operating systems</h4><p>This update applies to the following operating systems:</p></div><div class=\"kb-summary-section section\"><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows Server 2012</li><li>Windows 8.1</li><li>Windows Server 2008 R2 Service Pack 1 (SP1)</li><li>Windows 7 SP1</li><li>Windows Server 2008 Service Pack 2 (SP2)</li><li>Windows Vista SP2</li></ul><p>\u00a0</p></div><p><strong>Note\u00a0</strong>To get the update for Windows 10, install the latest cumulative updates that are listed in the <a href=\"http://windows.microsoft.com/en-us/windows-10/update-history-windows-10\" id=\"kb-link-1\" target=\"_self\">Windows 10 update history page</a>.</p></div><h2>Resolution</h2><div class=\"kb-resolution-section section\">The update that is described in this article removes the DST observation for Northern Cypress and moves the Saratov region of Russia ahead one hour.<br/><br/>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:<div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div><div><br/>For more information about how DST changes may affect other Microsoft products, click the following article number to go to the article in the Microsoft Knowledge Base:</div><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><div><span class=\"text-base\"><br/>Note</span> When you apply this update, you may receive a message that resembles the following:</div><div class=\"indent\">Update cannot be installed as a newer or same time zone update has already been installed on the system.</div><div>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.</div></div><h2>How to get this update</h2><div class=\"kb-resolution-section section\"><h3 class=\"sbody-h3\">Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:<div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/24717/windows-8-1-windows-server-2012-r2-update-history\" id=\"kb-link-4\" target=\"_self\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a href=\"https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history\" id=\"kb-link-5\" target=\"_self\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a href=\"https://support.microsoft.com/en-us/help/22811/windows-server-2012-update-history\" id=\"kb-link-6\" target=\"_self\">Windows Server 2012 update history</a></div><br/>For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-7\" target=\"_self\">How to get an update through Windows Update</a>. <br/><br/><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4>This update is now available for installation through WSUS.<br/><br/><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4012864\" id=\"kb-link-8\" target=\"_self\">Microsoft Update Catalog</a> website. <br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/><br/><h3 class=\"sbody-h3\">Windows Server 2008 SP2, Windows Vista</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/><br/><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4>This update is now available for installation through WSUS.<br/><br/><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4012864\" id=\"kb-link-10\" target=\"_self\">Microsoft Update Catalog</a> website. <br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/><br/><h4 class=\"sbody-h4\">Prerequisites</h4>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows Vista and for Windows Server 2008</a>.<br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/><br/><h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/><br/><h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update. </div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2017-10-18T22:33:55", "id": "KB4012864", "href": "https://support.microsoft.com/en-us/help/4012864/", "published": "2017-10-18T22:33:55", "title": "DST changes in Windows for Northern Cypress, Mongolia, and Russian Saratov region", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-01T22:52:50", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes an update that sets an end date for DST in Windows for Haiti in 2017.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This article describes an update that makes daylight saving time (DST) changes in Windows. Before you install this update, see the <a bookmark-id=\"prerequisites\" href=\"#prerequisites\" managed-link=\"\" target=\"\">Prerequisites</a> section.<br/>\u00a0<p><span>This update applies to the following operating systems:</span><br/>\u00a0</p><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012</li><li>Windows Embedded 8</li><li>Windows Server 2008 R2 Service Pack 1 (SP1)</li><li>Windows 7 SP1</li><li>Windows Server 2008 Service Pack 2 (SP2)</li><li>Windows XP Embedded</li></ul><span class=\"text-base\"><br/>Note</span> To get the update for Windows 10, install the latest cumulative updates that are listed in the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history\" managed-link=\"\" target=\"_blank\">Windows 10 update history page</a>.<br/>\u00a0<h3 class=\"sbody-h3\">Haiti</h3><p><span>Haiti recently resumed its observance of daylight saving time, setting clocks forward by one hour. DST in Haiti is scheduled to end on November 5, 2017 at 02:00. </span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Display name</strong></td><td><strong><span>DST end date</span></strong></td></tr><tr><td>Haiti Standard Time</td><td>(UTC- 05:00) Haiti</td><td>November 5, 2017 at 02:00</td></tr></tbody></table></div></div><h3 class=\"sbody-h3\"><br/>Morocco</h3><p><span>Morocco's observance of DST resumes this year on July 2, 2017, at 02:00 and ends on October 29, 2017, at 03:00. </span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Time zone key name</span></strong></td><td><strong>Display name</strong></td><td><strong><span>DST start date</span></strong></td><td><strong><span>DST end date</span></strong></td></tr><tr><td>Morocco Standard Time</td><td>(UTC- 00:00) Casablanca</td><td>July 2, 2017, at 02:00</td><td>October 29, 2017, at 03:00</td></tr></tbody></table></div><div>\u00a0</div><h2>Resolution</h2><div class=\"kb-resolution-section section\"><p>The update that is described in this article ends DST observation in Haiti for 2017 by setting clocks back by one hour on November 5, 2017 at 02:00.</p><p>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:</p><div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div><div><br/>For more information about how DST changes may affect other Microsoft products, click the following article number to go to the article in the Microsoft Knowledge Base:</div><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><div><span class=\"text-base\"><br/>Note</span> When you apply this update, you may receive a message that resembles the following:</div><div class=\"indent\">Update cannot be installed as a newer or same time zone update has already been installed on the system.</div><div>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.</div></div><div>\u00a0</div><h2>How to get this update</h2><h3>Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><div class=\"kb-resolution-section section\"><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:</div><div class=\"indent\"><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history\" managed-link=\"\" target=\"_blank\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history\" managed-link=\"\" target=\"_blank\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history\" managed-link=\"\" target=\"_blank\">Windows Server 2012 update history</a></div><p><br/>For more information about how to run Windows Update, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/3067639\" managed-link=\"\" target=\"_blank\">How to get an update through Windows Update</a>.</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4020322\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/>\u00a0</p><h3 class=\"sbody-h3\">Windows Server 2008 SP2</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4><p>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><div><span>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4020322\" id=\"kb-link-10\" target=\"_self\">Microsoft Update Catalog</a> website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.</span></div><h2></h2><h4 class=\"sbody-h4\">Prerequisites</h4><div>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows for Windows Server 2008</a>.<br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/>\u00a0<h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/>\u00a0<h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update.<br/>\u00a0</div><div>\u00a0</div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2017-06-27T17:20:05", "id": "KB4020322", "href": "https://support.microsoft.com/en-us/help/4020322/", "published": "2017-06-27T17:20:05", "title": "DST changes in Windows for Haiti and Morocco", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-01T22:42:25", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes an update that makes DST changes in Windows for the Chilean Magallanes and Antarctic regions.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This article describes an update that makes time zone changes and daylight saving time (DST) changes in Windows. Before you install this update, see the <a bookmark-id=\"prerequisites\" href=\"#prerequisites\" managed-link=\"\" target=\"\">Prerequisites</a> section. <br/><br/><p><span>This update applies to the following operating systems:<br/><br/></span></p><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012</li><li>Windows Embedded 8 </li><li>Windows Server 2008 R2 Service Pack 1 (SP1) </li><li>Windows 7 SP1 </li><li>Windows Server 2008 Service Pack 2 (SP2) </li><li>Windows Vista SP2</li><li>Windows XP Embedded</li></ul><span class=\"text-base\"><br/>Note</span> To get the update for Windows 10, install the latest cumulative updates that are listed in the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history\" managed-link=\"\" target=\"_blank\">Windows 10 update history page</a>.<br/><br/><h3 class=\"sbody-h3\">Chile</h3><p><span>Chile has announced that the Magallanes region and the Chilean Antarctic region will remain on daylight saving time (DST) indefinitely. </span></p><p><span>On May 14, 2017, mainland Chile will revert to the UTC -04:00 time zone while the Magallanes region and the Chilean Antarctic region\u00a0will move to UTC -03:00. We recommend that users in the Magallanes and Chilean Antarctic regions switch to this\u00a0new time zone </span></p><div class='\\\"table-responsive\\\"'><table class=\"table\"><tbody><tr><td><strong><span>Region</span></strong></td><td><strong>Old time zone</strong></td><td><strong><span>New time zone</span></strong></td></tr><tr><td>Magallanes<br/>Chilean Antarctica</td><td>(UTC-04:00) Santiago</td><td>(UTC-03:00) Punta Arenas</td></tr></tbody></table></div></div><h2>Resolution</h2><div class=\"kb-resolution-section section\">The update that is described in this article moves the Chilean Magallanes and Antarctic regions to the Punta Arenas Time Zone.<br/><br/>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:<div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div><div><br/>For more information about how DST changes may affect other Microsoft products, click the following article number to go to the article in the Microsoft Knowledge Base:</div><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><div><span class=\"text-base\"><br/>Note</span> When you apply this update, you may receive a message that resembles the following:</div><div class=\"indent\">Update cannot be installed as a newer or same time zone update has already been installed on the system.</div><div>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.</div></div><h2>How to get this update</h2><h3>Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><div class=\"kb-resolution-section section\"><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:</div><div class=\"indent\"><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history\" managed-link=\"\" target=\"_blank\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history\" managed-link=\"\" target=\"_blank\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history\" managed-link=\"\" target=\"_blank\">Windows Server 2012 update history</a></div><p><br/>For more information about how to run Windows Update, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/3067639\" managed-link=\"\" target=\"_blank\">How to get an update through Windows Update</a>.</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4015193\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.<br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/>\u00a0</p><h3 class=\"sbody-h3\">Windows Server 2008 SP2, Windows Vista</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4><p>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4><p>This update is now available for installation through WSUS.<br/>\u00a0</p><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4><p><span>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=4015193\" id=\"kb-link-10\" target=\"_self\">Microsoft Update Catalog</a> website.<br/><br/><span class=\"text-base\">Not</span><span><span class=\"text-base\">e</span></span> You m<span>ust be running Microsoft Inte</span>rnet Explorer 6.0 or a later version.</span></p><h2></h2><h4 class=\"sbody-h4\">Prerequisites</h4><div>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows Vista and for Windows Server 2008</a>.<br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/>\u00a0<h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/>\u00a0<h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update.<br/>\u00a0</div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2017-04-27T14:36:51", "id": "KB4015193", "href": "https://support.microsoft.com/en-us/help/4015193/", "published": "2017-04-27T14:36:51", "title": "DST changes in Windows for Magallanes (Chile)", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-01T22:37:40", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Describes an update that sets October 29 as the end date for daylight saving time (DST) in the West Bank and Gaza starting in 2016.</p><h2>Summary</h2><div class=\"kb-summary-section section\">Microsoft was notified that the end date for the observation of daylight savings time (DST) in the West Bank and Gaza regions for 2016 was moved from October 20 to October 29. We expect the end date to remain the fourth Saturday of October until further notice. This change affects the following time zone.<br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"><span class=\"text-base\">Time zone key name</span></th><th class=\"sbody-th\"><span class=\"text-base\">Display name</span></th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">West Bank Standard Time</td><td class=\"sbody-td\">(UTC+02:00) Gaza, Hebron</td></tr></table></div><br/><br/>This update applies to the following operating systems:<br/><br/><br/><br/><ul class=\"sbody-free_list\"><li>Windows Server 2012 R2</li><li>Windows Server 2012</li><li>Windows 8.1</li><li>Windows Server 2008 R2 Service Pack 1 (SP1) </li><li>Windows 7 SP1 </li><li>Windows Server 2008 Service Pack 2 (SP2) </li><li>Windows Vista SP2</li></ul><span class=\"text-base\">Note</span> To get the update for Windows 10, install the latest cumulative updates that are listed in the <a href=\"http://windows.microsoft.com/en-us/windows-10/update-history-windows-10\" id=\"kb-link-1\" target=\"_self\">Windows 10 update history page</a>.<br/></div><h2>Resolution</h2><div class=\"kb-resolution-section section\">The update that is described in this article moves the DST end date for Gaza, Hebron Standard Time to October 29 starting in 2016.<br/><br/>For more information about how DST changes may affect other Microsoft products, go to the following Microsoft website:<br/><br/><div class=\"indent\"><a href=\"https://support.microsoft.com/gp/cp_dst\" id=\"kb-link-2\" target=\"_self\">General information about DST</a></div>For more information about how DST changes may affect other Microsoft products, click the following article number to go to the article in the Microsoft Knowledge Base:<br/><br/><div class=\"indent\"><a href=\"https://support.microsoft.com/help/914387\" id=\"kb-link-3\" target=\"_self\">914387 How to configure daylight saving time for Microsoft Windows operating systems</a></div><span class=\"text-base\">Note</span> When you apply this update, you may receive a message that resembles the following:<br/><br/><div class=\"indent\"><div class=\"message\">Update cannot be installed as a newer or same time zone update has already been installed on the system.</div></div>This message indicates that either you have already applied the correct update or Windows Updates or Microsoft Update has automatically installed this update. No additional action is required to update the Windows operating system.<br/> </div><h2>How to get this update</h2><div class=\"kb-resolution-section section\"><h3 class=\"sbody-h3\">Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2 SP1, Windows 7 SP1</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as part of an <span class=\"text-base\">Optional</span> update rollup on Windows Update. To learn more about the update rollups that have been released for these operating systems, see the following Microsoft Knowledge Base articles:<div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/24717/windows-8-1-windows-server-2012-r2-update-history\" id=\"kb-link-4\" target=\"_self\">Windows 8.1 and Windows Server 2012 R2 update history</a><br/><a href=\"https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history\" id=\"kb-link-5\" target=\"_self\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a><br/><a href=\"https://support.microsoft.com/en-us/help/22811/windows-server-2012-update-history\" id=\"kb-link-6\" target=\"_self\">Windows Server 2012 update history</a></div>For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-7\" target=\"_self\">How to get an update through Windows Update</a>. <br/><br/><br/><br/><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4>This update is now available for installation through WSUS.<br/><br/><br/><br/><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=3203884\" id=\"kb-link-8\" target=\"_self\">Microsoft Update Catalog</a> website. <br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/><br/><h3 class=\"sbody-h3\">Windows Server 2008 SP2, Windows Vista</h3><h4 class=\"sbody-h4\">Method 1: Windows Update</h4>This update is provided as an <span class=\"text-base\">Optional</span> update on Windows Update. For more information about how to run Windows Update, see <a href=\"https://support.microsoft.com/help/3067639\" id=\"kb-link-9\" target=\"_self\">How to get an update through Windows Update</a>.<br/><br/><br/><br/><h4 class=\"sbody-h4\">Method 2: Windows Server Update Service</h4>This update is now available for installation through WSUS.<br/><br/><br/><br/><h4 class=\"sbody-h4\">Method 3: Microsoft Update Catalog</h4>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=3203884\" id=\"kb-link-10\" target=\"_self\">Microsoft Update Catalog</a> website. <br/><br/><span class=\"text-base\">Note</span> You must be running Microsoft Internet Explorer 6.0 or a later version.<br/><br/><h4 class=\"sbody-h4\">Prerequisites</h4>To apply this update, you must have the <a href=\"https://support.microsoft.com/help/2919355\" id=\"kb-link-11\" target=\"_self\">April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)</a> installed on Windows 8.1 or Windows Server 2012 R2. Or, install <a href=\"https://support.microsoft.com/help/976932\" id=\"kb-link-12\" target=\"_self\">Service Pack 1 for Windows 7 or Windows Server 2008 R2</a>. Or, install <a href=\"https://support.microsoft.com/help/948465\" id=\"kb-link-13\" target=\"_self\">Service Pack 2 for Windows Vista and for Windows Server 2008</a>.<br/><br/><br/><br/>There are no prerequisites to install this update on Windows Server 2012.<br/><br/><br/><br/><h4 class=\"sbody-h4\">Registry information</h4>To apply this update, you do not have to make any changes to the registry.<br/><br/><h4 class=\"sbody-h4\">Restart requirement</h4>You do not have to restart the computer after you install this update. </div><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-14\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.</div></body></html>", "edition": 16, "modified": "2016-12-13T16:17:04", "id": "KB3203884", "href": "https://support.microsoft.com/en-us/help/3203884/", "published": "2016-10-29T00:00:00", "title": "West Bank and Gaza move DST end date to October 29, 2016", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}]}
