Lucene search

SuseSUSE-SU-2016:1275-1

HistoryMay 11, 2016 - 5:08 p.m.

Security update for ImageMagick (important)

2016-05-1117:08:09

lists.opensuse.org

0.971 High

EPSS

Percentile

99.7%

JSON

This update for ImageMagick fixes the following issues:

Security issues fixed:

Several coders were vulnerable to remote code execution attacks, these
coders have now been disabled. They can be re-enabled by exporting the
following environment variable
MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vu
lnerable/ (bsc#978061)
CVE-2016-3714: Insufficient shell characters filtering leads to
(potentially remote) code execution
CVE-2016-3715: Possible file deletion by using ImageMagick’s ‘ephemeral’
pseudo protocol which deletes files after reading.
CVE-2016-3716: Possible file moving by using ImageMagick’s ‘msl’ pseudo
protocol with any extension in any folder.
CVE-2016-3717: Possible local file read by using ImageMagick’s ‘label’
pseudo protocol to get content of the files from the server.
CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP
GET or FTP request.

Bugs fixed:

Use external svg loader (rsvg)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server LTSS11.2s390xlibmagickcore1-32bit< 6.4.3.6-7.34.1libMagickCore1-32bit-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Server11.4s390xlibmagickcore1-32bit< 6.4.3.6-7.34.1libMagickCore1-32bit-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit11.4s390xperl-perlmagick< 6.4.3.6-7.34.1perl-PerlMagick-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Server LTSS11.2s390xlibmagickcore1< 6.4.3.6-7.34.1libMagickCore1-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Debuginfo11.3x86_64imagemagick-debuginfo< 6.4.3.6-7.34.1ImageMagick-debuginfo-6.4.3.6-7.34.1.x86_64.rpm
SUSE Linux Enterprise Debuginfo11.2x86_64imagemagick-debuginfo< 6.4.3.6-7.34.1ImageMagick-debuginfo-6.4.3.6-7.34.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS11.2i586libmagickcore1< 6.4.3.6-7.34.1libMagickCore1-6.4.3.6-7.34.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.4x86_64libmagickwand1< 6.4.3.6-7.34.1libMagickWand1-6.4.3.6-7.34.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit11.4i586imagemagick-devel< 6.4.3.6-7.34.1ImageMagick-devel-6.4.3.6-7.34.1.i586.rpm
SUSE Linux Enterprise Server11.4i586libmagickcore1< 6.4.3.6-7.34.1libMagickCore1-6.4.3.6-7.34.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server LTSS	11.2	s390x	libmagickcore1-32bit	< 6.4.3.6-7.34.1	libMagickCore1-32bit-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Server	11.4	s390x	libmagickcore1-32bit	< 6.4.3.6-7.34.1	libMagickCore1-32bit-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit	11.4	s390x	perl-perlmagick	< 6.4.3.6-7.34.1	perl-PerlMagick-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Server LTSS	11.2	s390x	libmagickcore1	< 6.4.3.6-7.34.1	libMagickCore1-6.4.3.6-7.34.1.s390x.rpm
SUSE Linux Enterprise Debuginfo	11.3	x86_64	imagemagick-debuginfo	< 6.4.3.6-7.34.1	ImageMagick-debuginfo-6.4.3.6-7.34.1.x86_64.rpm
SUSE Linux Enterprise Debuginfo	11.2	x86_64	imagemagick-debuginfo	< 6.4.3.6-7.34.1	ImageMagick-debuginfo-6.4.3.6-7.34.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS	11.2	i586	libmagickcore1	< 6.4.3.6-7.34.1	libMagickCore1-6.4.3.6-7.34.1.i586.rpm
SUSE Linux Enterprise Software Development Kit	11.4	x86_64	libmagickwand1	< 6.4.3.6-7.34.1	libMagickWand1-6.4.3.6-7.34.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	11.4	i586	imagemagick-devel	< 6.4.3.6-7.34.1	ImageMagick-devel-6.4.3.6-7.34.1.i586.rpm
SUSE Linux Enterprise Server	11.4	i586	libmagickcore1	< 6.4.3.6-7.34.1	libMagickCore1-6.4.3.6-7.34.1.i586.rpm

Rows per page:

1-10 of 811

References

bugzilla.suse.com/978061