Lucene search
SuseOPENSUSE-SU-2016:1266-1HistoryMay 07, 2016 - 6:07 p.m.
Security update for ImageMagick (important)
2016-05-0718:07:43
lists.opensuse.org
19
0.971 High
EPSS
Percentile
99.7%
This update for ImageMagick fixes the following issues:
Security issues fixed:
- Several coders were vulnerable to remote code execution attacks, these
coders have now been disabled by default but can be re-enabled by
editing "/etc/ImageMagick-*/policy.xml" (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to
(potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagickโs โephemeralโ
pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagickโs โmslโ pseudo
protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagickโs โlabelโ
pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP
GET or FTP request.
Bugs fixed:
- Use external svg loader (rsvg)
This update was imported from the SUSE:SLE-12:Update update project.
References
Related
slackware
slackware
[slackware-security] imagemagick
2016-05-11 06:33:30
[slackware-security] imagemagick
2016-05-11 06:33:30
nessus
nessus
f5
f5
SOL10550253 - ImageMagick vulnerability CVE-2016-3715
2016-05-13 00:00:00
SOL25102203 - ImageMagick vulnerability CVE-2016-3716
2016-05-13 00:00:00
SOL29154575 - ImageMagick vulnerability CVE-2016-3717
2016-05-13 00:00:00
openvas
openvas
CentOS Update for ImageMagick CESA-2016:0726 centos7
2016-05-10 00:00:00
RedHat Update for ImageMagick RHSA-2016:0726-01
2016-05-10 00:00:00
SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1260-1)
2016-05-08 00:00:00
amazon
amazon
Important: ImageMagick
2016-05-11 11:00:00
centos
centos
ImageMagick security update
2016-05-09 17:51:59
suse
suse
Security update for ImageMagick (important)
2016-05-07 13:08:32
Security update for ImageMagick (important)
2016-05-07 14:07:41
Security update for ImageMagick (important)
2016-05-11 17:08:09
exploitpack
exploitpack
ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities
2016-05-04 00:00:00
altlinux
altlinux
redhat
redhat
(RHSA-2016:0726) Important: ImageMagick security update
2016-05-09 16:56:15
osv
osv
imagemagick - security update
2016-05-16 00:00:00
imagemagick - security update
2016-05-23 00:00:00
graphicsmagick - security update
2016-05-21 00:00:00
debian
debian
[SECURITY] [DSA 3580-1] imagemagick security update
2016-05-16 17:37:08
[SECURITY] [DSA 3580-1] imagemagick security update
2016-05-16 17:37:08
[SECURITY] [DLA 486-1] imagemagick security update
2016-05-23 02:34:38
seebug
seebug
ImageMagick ๅฝไปคๆง่กๆผๆด
(ImageTragick)
2016-05-04 00:00:00
Wordpress 4.5.1 Remote Command Execute
2016-05-05 00:00:00
zdt
zdt
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
2016-05-04 00:00:00
oraclelinux
oraclelinux
ImageMagick security update
2016-05-09 00:00:00
ImageMagick security update
2016-06-16 00:00:00
mageia
mageia
Updated imagemagick/ruby-rmagic packages fix security vulnerability
2016-05-20 14:38:30
freebsd
freebsd
ImageMagick -- multiple vulnerabilities
2016-05-03 00:00:00
cloudfoundry
cloudfoundry
USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) | Cloud Foundry
2016-06-13 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-06-02 00:00:00
exploitdb
exploitdb
attackerkb
attackerkb
CVE-2016-3718
2016-05-05 00:00:00
CVE-2016-3715
2016-05-05 00:00:00
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2016-11-30 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Server-Side Request Forgery (SSRF)
2017-02-01 07:03:28
Information Disclosure
2017-02-01 07:28:18
Arbitrary File Moving
2017-02-01 08:02:13
checkpoint_advisories
checkpoint_advisories
ImageMagick Pseudo Protocol Use Local Information Disclosure (CVE-2016-3717)
2016-06-29 00:00:00
ImageMagick Server Side Request Forgery (CVE-2016-3718)
2016-06-29 00:00:00
ImageMagick Unauthorized File Moving (CVE-2016-3716)
2016-06-29 00:00:00
debiancve
debiancve
redhatcve
redhatcve
cve
cve
prion
prion
Code injection
2016-05-05 18:59:00
Code injection
2016-05-05 18:59:00
Server side request forgery (ssrf)
2016-05-05 18:59:00
thn
thn
packetstorm
packetstorm
ImageMagick Delegate Arbitrary Command Execution
2016-05-06 00:00:00
threatpost
threatpost
Public Exploits Available for ImageMagick Vulnerabilities
2016-05-04 12:17:05
SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform
2019-06-25 22:47:50
hackerone
hackerone
cert
cert
symantec
symantec
SA151: ImageMagick RCE Vulnerability (ImageTragick)
2017-07-05 08:00:00
archlinux
archlinux
imagemagick: arbitrary code execution
2016-05-05 00:00:00
myhack58
myhack58
cisa_kev
cisa_kev
ImageMagick Arbitrary File Deletion Vulnerability
2021-11-03 00:00:00
ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
2021-11-03 00:00:00