This update for ImageMagick fixes the following issues:
* CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]
* CVE-2016-9559 Possible Null pointer access found by fuzzing
[bsc#1011136]
* CVE-2016-8707 Possible code execution in Tiff conver utility
[bsc#1014159]
* CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could
lead to Heap overflow [bsc#1009318]
* CVE-2016-9559 Possible Null pointer access found by fuzzing
[bsc#1011136]
{"openvas": [{"lastseen": "2020-01-31T18:26:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:0023-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9773", "CVE-2016-9556", "CVE-2014-9848", "CVE-2016-9559"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851467", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851467\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-05 05:43:02 +0100 (Thu, 05 Jan 2017)\");\n script_cve_id(\"CVE-2014-9848\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9556\",\n \"CVE-2016-9559\", \"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:0023-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]\n\n * CVE-2016-9559 Possible Null pointer access found by fuzzing\n [bsc#1011136]\n\n * CVE-2016-8707 Possible code execution in Tiff convert utility\n [bsc#1014159]\n\n * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could\n lead to Heap overflow [bsc#1009318]\n\n * CVE-2016-9559 Possible Null pointer access found by fuzzing\n [bsc#1011136]\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0023-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:3233-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9773", "CVE-2016-9556", "CVE-2016-8862"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851460", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851460\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-23 05:47:19 +0100 (Fri, 23 Dec 2016)\");\n script_cve_id(\"CVE-2016-8707\", \"CVE-2016-8862\", \"CVE-2016-8866\", \"CVE-2016-9556\",\n \"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:3233-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update for ImageMagick fixes the following issues:\n\n - a maliciously crafted compressed TIFF image could cause code remote code\n execution in the convert utility in particular circumstances\n (CVE-2016-8707, boo#1014159)\n\n - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318,\n follow up on CVE-2016-8862)\n\n - the identify utility could crash on maliciously crafted images\n (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3233-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5\", rpm:\"libMagick++-6_Q16-5~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo\", rpm:\"libMagick++-6_Q16-5-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2\", rpm:\"libMagickCore-6_Q16-2~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo\", rpm:\"libMagickCore-6_Q16-2-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2\", rpm:\"libMagickWand-6_Q16-2~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo\", rpm:\"libMagickWand-6_Q16-2-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-32bit\", rpm:\"libMagick++-6_Q16-5-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-5-debuginfo-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-32bit\", rpm:\"libMagickCore-6_Q16-2-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-2-debuginfo-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-32bit\", rpm:\"libMagickWand-6_Q16-2-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-2-debuginfo-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:39:55", "description": "The host is installed with ImageMagick\n and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", "title": "ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9773", "CVE-2016-9556"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810558\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 09:22:03 +0530 (Tue, 21 Feb 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a heap-based buffer overflow\n error in the 'IsPixelGray' function in MagickCore/pixel-accessor.h script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (out-of-bounds heap read).\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version 7.0.3-8 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.3-9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/12/02/11\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(imVer == \"7.0.3.8\")\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3-9');\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-05T18:35:53", "description": "The host is installed with ImageMagick\n and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9773", "CVE-2016-9556"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810556\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 15:05:25 +0530 (Mon, 20 Feb 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a heap-based buffer overflow\n error in the 'IsPixelGray' function in MagickCore/pixel-accessor.h script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (out-of-bounds heap read).\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version 7.0.3-8 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.3-9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/12/02/11\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(imVer == \"7.0.3.8\")\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3-9');\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:20:30", "description": "The host is installed with ImageMagick\n and is prone to a denial of service vulnerability.", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "ImageMagick Denial of Service Vulnerability Mar17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9559"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810580", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Denial of Service Vulnerability Mar17 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810580\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-9559\");\n script_bugtraq_id(94489);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 12:18:46 +0530 (Thu, 09 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Denial of Service Vulnerability Mar17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a NULL pointer\n dereference error in 'coders/tiff.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.3.7\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.3.7 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/11/23/4\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.3.7\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3.7');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:21:23", "description": "The host is installed with ImageMagick\n and is prone to a denial of service vulnerability.", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "ImageMagick Denial of Service Vulnerability Mar17 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9559"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Denial of Service Vulnerability Mar17 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810581\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-9559\");\n script_bugtraq_id(94489);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 12:29:40 +0530 (Thu, 09 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Denial of Service Vulnerability Mar17 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a NULL pointer\n dereference error in 'coders/tiff.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.3.7\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.3.7 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/11/23/4\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.3.7\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3.7');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:26:19", "description": "The host is installed with ImageMagick\n and is prone to a code execution vulnerability.", "cvss3": {}, "published": "2016-12-29T00:00:00", "type": "openvas", "title": "ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810261", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810261\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-8707\");\n script_bugtraq_id(94727);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-29 18:21:52 +0530 (Thu, 29 Dec 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to a code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an out of bounds write\n error exists in the handling of compressed TIFF images in ImageMagicks's\n convert utility.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in context of the application. Failed\n exploits may result in denial-of-service conditions.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version 7.0.3-0 through 7.0.3-8 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.3-9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=50998\");\n script_xref(name:\"URL\", value:\"https://www.imagemagick.org/script/changelog.php\");\n script_xref(name:\"URL\", value:\"http://www.talosintelligence.com/reports/TALOS-2016-0216\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(imVer =~ \"^(7\\.0\\.3)\")\n{\n if(version_in_range(version:imVer, test_version:\"7.0.3.0\", test_version2:\"7.0.3.8\"))\n {\n report = report_fixed_ver(installed_version:imVer, fixed_version:\"7.0.3-9\");\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:25:03", "description": "The host is installed with ImageMagick\n and is prone to a code execution vulnerability.", "cvss3": {}, "published": "2016-12-29T00:00:00", "type": "openvas", "title": "ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810260\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-8707\");\n script_bugtraq_id(94727);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-29 18:21:52 +0530 (Thu, 29 Dec 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to a code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an out of bounds write\n error exists in the handling of compressed TIFF images in ImageMagicks's\n convert utility.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in context of the application. Failed\n exploits may result in denial-of-service conditions.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version 7.0.3-0 through 7.0.3-8\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.0.3-9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=50998\");\n script_xref(name:\"URL\", value:\"https://www.imagemagick.org/script/changelog.php\");\n script_xref(name:\"URL\", value:\"http://www.talosintelligence.com/reports/TALOS-2016-0216\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(imVer =~ \"^(7\\.0\\.3)\")\n{\n if(version_in_range(version:imVer, test_version:\"7.0.3.0\", test_version2:\"7.0.3.8\"))\n {\n report = report_fixed_ver(installed_version:imVer, fixed_version:\"7.0.3-9\");\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:58", "description": "Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.", "cvss3": {}, "published": "2016-11-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3726-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-8862", "CVE-2016-9559"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703726", "href": "http://plugins.openvas.org/nasl.php?oid=703726", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3726.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3726-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703726);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\",\n \"CVE-2016-9556\", \"CVE-2016-9559\");\n script_name(\"Debian Security Advisory DSA 3726-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-26 00:00:00 +0100 (Sat, 26 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3726.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite to\ncreate, edit, and compose bitmap images. It can read, convert and write images\nin a variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000,\nPDF, PhotoCD, PNG, Postscript, SVG, and TIFF. Use ImageMagick to translate,\nflip, mirror, rotate, scale, shear and transform images, adjust image colors,\napply various special effects, or draw text, lines, polygons, ellipses and\nBezier curves. All manipulations can be achieved through shell commands as\nwell as through an X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:02", "description": "Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.", "cvss3": {}, "published": "2016-11-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3726-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-8862", "CVE-2016-9559"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703726", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3726.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3726-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703726\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\",\n \"CVE-2016-9556\", \"CVE-2016-9559\");\n script_name(\"Debian Security Advisory DSA 3726-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-26 00:00:00 +0100 (Sat, 26 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3726.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:21:20", "description": "This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Memory Corruption Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8866", "CVE-2016-8862"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810562", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Memory Corruption Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810562\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2016-8862\", \"CVE-2016-8866\");\n script_bugtraq_id(93794);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 10:39:33 +0530 (Tue, 21 Feb 2017)\");\n script_name(\"ImageMagick Multiple Memory Corruption Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n a memory corruption error in 'AcquireMagickMemory' function in\n MagickCore/memory.c script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version before 7.0.3.8 on\n Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version 7.0.3.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/10/20/3\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!gmVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## CVE-2016-8866 is due to an incomplete fix for CVE-2016-8862\n## CVE-2016-8862 , not fixed completely in 7.0.3.3, complete fix is in 7.0.3.8\nif(version_is_less(version:gmVer, test_version:\"7.0.3.8\"))\n{\n report = report_fixed_ver(installed_version:gmVer, fixed_version:\"7.0.3.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:21:47", "description": "This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Memory Corruption Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8866", "CVE-2016-8862"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810563", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Memory Corruption Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810563\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2016-8862\", \"CVE-2016-8866\");\n script_bugtraq_id(93794);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 13:23:30 +0530 (Tue, 21 Feb 2017)\");\n script_name(\"ImageMagick Multiple Memory Corruption Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n memory corruption error in 'AcquireMagickMemory' function in\n MagickCore/memory.c script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version before 7.0.3.8\n on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version 7.0.3.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/10/20/3\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!gmVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## CVE-2016-8866 is due to an incomplete fix for CVE-2016-8862\n## CVE-2016-8862 , not fixed completely in 7.0.3.3, complete fix is in 7.0.3.8\nif(version_is_less(version:gmVer, test_version:\"7.0.3.8\"))\n{\n report = report_fixed_ver(installed_version:gmVer, fixed_version:\"7.0.3.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3142-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-8862"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for imagemagick USN-3142-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842968\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 05:39:13 +0100 (Thu, 01 Dec 2016)\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3142-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick incorrectly\n handled certain malformed image files. If a user or automated system using\n ImageMagick were tricked into opening a specially crafted image, an attacker could\n exploit this to cause a denial of service or possibly execute code with the\n privileges of the user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3142-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3142-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4-extra\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "description": "This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.", "cvss3": {}, "published": "2017-03-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3799-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2016-10146", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-5507"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703799", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3799.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3799-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703799\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_name(\"Debian Security Advisory DSA 3799-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-01 00:00:00 +0100 (Wed, 01 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3799.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3222-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2016-1016", "CVE-2017-5507"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for imagemagick USN-3222-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843084\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:01:41 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-1016\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3222-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick\n incorrectly handled certain malformed image files. If a user or automated system\n using ImageMagick were tricked into opening a specially crafted image, an\n attacker could exploit this to cause a denial of service or possibly execute\n code with the privileges of the user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3222-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3222-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4-extra\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:57:26", "description": "This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.", "cvss3": {}, "published": "2017-03-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3799-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2016-10146", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-5507"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703799", "href": "http://plugins.openvas.org/nasl.php?oid=703799", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3799.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3799-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703799);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_name(\"Debian Security Advisory DSA 3799-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-03-01 00:00:00 +0100 (Wed, 01 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3799.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite to create, edit, and compose bitmap images.\nIt can read, convert and write images in a variety of formats (over 100)\nincluding DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,\nSVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,\nshear and transform images, adjust image colors, apply various special\neffects, or draw text, lines, polygons, ellipses and B\u00e9zier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for pfstools FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_pfstools_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pfstools FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:19:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pfstools FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pfstools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pfstools on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCLNAT72SG6KX3CRKW6IBJA4NE65ACRD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pfstools\", rpm:\"pfstools~2.0.6~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for WindowMaker FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_WindowMaker_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873425\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:56:58 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'WindowMaker'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"WindowMaker on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NM2AMQSUZCQR57N2CQ6SEZMVMG4BVT73\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"WindowMaker\", rpm:\"WindowMaker~0.95.8~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for gtatool FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_gtatool_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gtatool FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:10:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gtatool FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gtatool'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gtatool on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32VMEM3PJFREO5A322OKICOCG3VTTOVO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtatool\", rpm:\"gtatool~2.2.0~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for k3d FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_k3d_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for k3d FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873419\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:44:24 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for k3d FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'k3d'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"k3d on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PHOZENIVB3UVOEDNORVD5HZEPH7SZPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"k3d\", rpm:\"k3d~0.8.0.6~8.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for imageinfo FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_imageinfo_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for imageinfo FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873420\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:47:47 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for imageinfo FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imageinfo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"imageinfo on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VCKBLZTRUJIDLAZ3QGNSZGOLWEJNDW7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"imageinfo\", rpm:\"imageinfo~0.05~27.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for emacs FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_emacs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for emacs FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:28:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for emacs FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"emacs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TYOQUU23FT5ZUDPTUR54NNN5JCH5SAU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~25.3~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for kxstitch FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_kxstitch_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kxstitch FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873429\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:03:25 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kxstitch FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kxstitch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kxstitch on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLNHECMOL5F4463M4LEQJETSACMDNHBX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kxstitch\", rpm:\"kxstitch~1.2.0~9.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_perl-Image-SubImageFind_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:00:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Image-SubImageFind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-Image-SubImageFind on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NOWPNY5NTXIZANQ327B5JNLTVLZ3BDM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Image-SubImageFind\", rpm:\"perl-Image-SubImageFind~0.03~13.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for psiconv FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_psiconv_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for psiconv FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873399\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:37 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for psiconv FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'psiconv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"psiconv on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNV35ZHCWOWCRRB6BLFKV24YTORMLH4X\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"psiconv\", rpm:\"psiconv~0.9.8~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for techne FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_techne_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for techne FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873434\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:12:19 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for techne FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'techne'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"techne on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7DJTCVESG6E2TSULF5JA6JM427TDGEZF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"techne\", rpm:\"techne~0.2.3~20.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_dmtx-utils_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:15:23 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dmtx-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"dmtx-utils on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VST4FTGSIGVYYYTUCYFUTPBL6QNQE4SY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"dmtx-utils\", rpm:\"dmtx-utils~0.7.4~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vdr-scraper2vdr_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873424\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vdr-scraper2vdr'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vdr-scraper2vdr on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LYDZWFUCPPZNZFWH7L5BVXQN4W3QU2F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vdr-scraper2vdr\", rpm:\"vdr-scraper2vdr~1.0.5~4.20170611git254122b.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for drawtiming FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873390", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_drawtiming_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for drawtiming FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873390\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:04:04 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for drawtiming FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'drawtiming'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"drawtiming on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MNO4DLPKYAYFZKQKDGF5FS25DUJN74I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"drawtiming\", rpm:\"drawtiming~0.7.1~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vips FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873431", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vips_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vips FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873431\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:06:18 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vips FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vips'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vips on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LPLGFSY5B4L7T4MM6BRICKAEJLC245Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vips\", rpm:\"vips~8.5.8~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfigstudio FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873410", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfigstudio_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873410\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:34:56 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfigstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfigstudio on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7BNWCRCM5IYKMJZ72KNCKVH74WA634E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfigstudio\", rpm:\"synfigstudio~1.2.0~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for autotrace FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_autotrace_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for autotrace FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:42 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for autotrace FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'autotrace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"autotrace on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T45GVYNSFDFEZVXNCMRXUWX2SZPO2GG3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"autotrace\", rpm:\"autotrace~0.31.1~49.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for converseen FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_converseen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for converseen FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873407\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for converseen FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'converseen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"converseen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZWYA5OS5LRRUJQEYK6UL6B5CMNYRGIQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"converseen\", rpm:\"converseen~0.9.7.2~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_php-pecl-imagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873417\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pecl-imagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-pecl-imagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZAZ2SDKUL5O7OUVJKUYDGDZYRPIZMD7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pecl-imagick\", rpm:\"php-pecl-imagick~3.4.3~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_inkscape_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:32:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTRIPHKCJXKPL7XSUJBDVBNRJI45DZS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ImageMagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:50:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDT43G5RDSYGPIQ2RBMEGC3RXRW2ENPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.13~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873412", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_rubygem-rmagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873412\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:37:53 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rmagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-rmagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUOSYWB3S6UHTG2YAYRCXPBKGXTCGDE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-rmagick\", rpm:\"rubygem-rmagick~2.16.0~4.fc26.2\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ripright FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ripright_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ripright FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873391\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:07:30 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ripright FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ripright'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ripright on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LPAVN4T4OJO53IDYG56UAFXKJETIX6W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ripright\", rpm:\"ripright~0.11~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfig FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873432", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfig_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfig FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873432\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:09:21 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfig FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfig'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfig on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GKIOVPVMFP2JAQIRGCJ6ORJL3I6OI7B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfig\", rpm:\"synfig~1.2.0~9.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rss-glx FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_rss-glx_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rss-glx FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873438\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:18:44 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rss-glx FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rss-glx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rss-glx on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZ6NMRLOPTO2IHIEEO25SQ5Z7MWPQKK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rss-glx\", rpm:\"rss-glx~0.9.1.p~29.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for q FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873394", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_q_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for q FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873394\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:13:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for q FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'q'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"q on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWCQW6OHAB26KVSQTGYVOIKEHH3ENZ4Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", rpm:\"q~7.11~29.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:3060-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2016-7529", "CVE-2014-9831", "CVE-2016-8683", "CVE-2014-9853", "CVE-2014-9807", "CVE-2016-7533", "CVE-2014-9817", "CVE-2014-9845", "CVE-2014-9834", "CVE-2016-7997", "CVE-2016-7996", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-6823", "CVE-2014-9820", "CVE-2016-9556", "CVE-2014-9837", "CVE-2014-9815", "CVE-2016-7528", "CVE-2014-9835", "CVE-2016-8862", "CVE-2014-9805", "CVE-2016-7522", "CVE-2016-8684", "CVE-2014-9846", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7101", "CVE-2016-8682", "CVE-2016-5118"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851511", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851511\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:17:51 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9807\", \"CVE-2014-9809\", \"CVE-2014-9815\",\n \"CVE-2014-9817\", \"CVE-2014-9820\", \"CVE-2014-9831\", \"CVE-2014-9834\",\n \"CVE-2014-9835\", \"CVE-2014-9837\", \"CVE-2014-9845\", \"CVE-2014-9846\",\n \"CVE-2014-9853\", \"CVE-2016-5118\", \"CVE-2016-6823\", \"CVE-2016-7101\",\n \"CVE-2016-7515\", \"CVE-2016-7522\", \"CVE-2016-7528\", \"CVE-2016-7529\",\n \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7537\", \"CVE-2016-7800\",\n \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\",\n \"CVE-2016-8684\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:3060-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n - a possible shell execution attack was fixed. if the first character of\n an input filename for 'convert' was a 'pipe' char then the remainder of the\n filename was passed to the shell (CVE-2016-5118, boo#982178)\n\n - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805,\n [boo#983752])\n\n - Prevent overflow in rle files (CVE-2014-9846, boo#983521)\n\n - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)\n\n - Fix a possible crash due to corrupted xwd images (CVE-2014-9809,\n boo#983799)\n\n - Fix a possible crash due to corrupted wpg images (CVE-2014-9815,\n boo#984372)\n\n - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817,\n boo#984400)\n\n - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)\n\n - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)\n\n - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831,\n boo#984145, boo#984375)\n\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n\n - Fix a possible crash due to corrupted dib file (CVE-2014-9845,\n boo#984394)\n\n - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)\n\n - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)\n\n - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)\n\n - Fix out of bound access for malformed psd file (CVE-2016-7522,\n boo#1000698)\n\n - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)\n\n - Fix out of bound access in corrupted wpg files (CVE-2016-7533,\n boo#1000707)\n\n - Fix out of bound access in corrupted pdb files (CVE-2016-7537,\n boo#1000711)\n\n - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)\n\n - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)\n\n - Divide by zero in WriteTIFFImage (do not divide by zero in\n WriteTIFFImage, boo#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer\n overflow, boo#1002209)\n\n - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800,\n boo#1002422)\n\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)\n\n - Mismatch between real filesize and header values (CVE-2016-8684,\n boo#1005123)\n\n - Stack-buffer read overflow while reading SCT header (CVE-2016-8682,\n boo#1005125)\n\n - Check that filesize is reasonable compared to the header value\n (CVE-2016-8683, boo#1005127)\n\n - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862,\n boo#1007245)\n\n - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3060-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-17T16:54:34", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1390)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2019-13134", "CVE-2016-10046", "CVE-2014-8716", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2014-9819", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2019-13133", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201390", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1390\");\n script_version(\"2020-04-16T05:46:13+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-13133\", \"CVE-2019-13134\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:46:13 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:46:13 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1390)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1390\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1390\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2020-1390 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.(CVE-2014-8354)\n\nPCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8355)\n\nDCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8562)\n\nThe JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).(CVE-2014-8716)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.(CVE-2014-9821)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.(CVE-2014-9822)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.(CVE-2014-9823)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.(CVE-2014-9824)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.(CVE-2014-9825)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ndistribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.(CVE-2014-9852)\n\nMemory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.(CVE-2014-9853)\n\ncoders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the ''identification of image.''(CVE-2014-9854)\n\ncoders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.(CVE-2014-9907)\n\nThe ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.(CVE-2015-8900)\n\nImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.(CVE-2015-8901)\n\nThe ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-05T16:39:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2016-10046", "CVE-2014-8716", "CVE-2019-7175", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2016-10052", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220192354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192354", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2354\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10052\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-7175\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:49:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2354\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2354\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2019-2354 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.(CVE-2019-7175)\n\nReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)\n\nThe DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4562)\n\nThe TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4563)\n\nThe DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4564)\n\nThe ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11525)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ncoders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.(CVE-2015-8958)\n\nMemory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.(CVE-2016-10058)\n\nThe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1833-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851368", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851368\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:55:29 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\",\n \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\",\n \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\",\n \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\",\n \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\",\n \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\",\n \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\",\n \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\",\n \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\",\n \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\",\n \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\",\n \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\",\n \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\",\n \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\",\n \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\",\n \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\",\n \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1833-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file.\n (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).\n\n - CVE-2014-9821: Avo ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1833-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851363", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851363", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851363\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-07 05:26:39 +0200 (Thu, 07 Jul 2016)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\",\n \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\",\n \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\",\n \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\",\n \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\",\n \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\",\n \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\",\n \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\",\n \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\",\n \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\",\n \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\",\n \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\",\n \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\",\n \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\",\n \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\",\n \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\",\n \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1748-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Leaked file descriptor due to corrupted file (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1748-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5\", rpm:\"libMagick++-6_Q16-5~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo\", rpm:\"libMagick++-6_Q16-5-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2\", rpm:\"libMagickCore-6_Q16-2~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo\", rpm:\"libMagickCore-6_Q16-2-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2\", rpm:\"libMagickWand-6_Q16-2~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo\", rpm:\"libMagickWand-6_Q16-2-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-32bit\", rpm:\"libMagick++-6_Q16-5-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-5-debuginfo-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-32bit\", rpm:\"libMagickCore-6_Q16-2-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-2-debuginfo-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-32bit\", rpm:\"libMagickWand-6_Q16-2-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-2-debuginfo-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2021-06-08T18:38:57", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]\n * CVE-2016-9559 Possible Null pointer access found by fuzzing\n [bsc#1011136]\n * CVE-2016-8707 Possible code execution in Tiff conver utility\n [bsc#1014159]\n * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could\n lead to Heap overflow [bsc#1009318]\n * CVE-2016-9559 Possible Null pointer access found by fuzzing\n [bsc#1011136]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2017-01-04T18:07:50", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9773", "CVE-2016-9556", "CVE-2014-9848", "CVE-2016-9559"], "modified": "2017-01-04T18:07:50", "id": "OPENSUSE-SU-2017:0023-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:38:57", "description": "This security update for ImageMagick fixes the following issues:\n\n - a maliciously crafted compressed TIFF image could cause code remote code\n execution in the convert utility in particular circumstances\n (CVE-2016-8707, boo#1014159)\n - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318,\n follow up on CVE-2016-8862)\n - the identify utility could crash on maliciously crafted images\n (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)\n\n", "cvss3": {}, "published": "2016-12-22T15:08:57", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9773", "CVE-2016-9556", "CVE-2016-8862"], "modified": "2016-12-22T15:08:57", "id": "OPENSUSE-SU-2016:3233-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n - a possible shell execution attack was fixed. if the first character of\n an input filename for 'convert' was a '|' then the remainder of the\n filename was passed to the shell (CVE-2016-5118, boo#982178)\n - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805,\n [boo#983752])\n - Prevent overflow in rle files (CVE-2014-9846, boo#983521)\n - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)\n - Fix a possible crash due to corrupted xwd images (CVE-2014-9809,\n boo#983799)\n - Fix a possible crash due to corrupted wpg images (CVE-2014-9815,\n boo#984372)\n - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817,\n boo#984400)\n - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)\n - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)\n - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831,\n boo#984145, boo#984375)\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n - Fix a possible crash due to corrupted dib file (CVE-2014-9845,\n boo#984394)\n - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)\n - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)\n - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)\n - Fix out of bound access for malformed psd file (CVE-2016-7522,\n boo#1000698)\n - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)\n - Fix out of bound access in corrupted wpg files (CVE-2016-7533,\n boo#1000707)\n - Fix out of bound access in corrupted pdb files (CVE-2016-7537,\n boo#1000711)\n - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)\n - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)\n - Divide by zero in WriteTIFFImage (do not divide by zero in\n WriteTIFFImage, boo#1002206)\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer\n overflow, boo#1002209)\n - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800,\n boo#1002422)\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)\n - Mismatch between real filesize and header values (CVE-2016-8684,\n boo#1005123)\n - Stack-buffer read overflow while reading SCT header (CVE-2016-8682,\n boo#1005125)\n - Check that filesize is reasonable compared to the header value\n (CVE-2016-8683, boo#1005127)\n - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862,\n boo#1007245)\n - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)\n\n", "cvss3": {}, "published": "2016-12-08T18:09:17", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2016-7529", "CVE-2014-9831", "CVE-2016-8683", "CVE-2014-9853", "CVE-2014-9807", "CVE-2016-7533", "CVE-2014-9817", "CVE-2014-9845", "CVE-2014-9834", "CVE-2016-7997", "CVE-2016-7996", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-6823", "CVE-2014-9820", "CVE-2016-9556", "CVE-2014-9837", "CVE-2014-9815", "CVE-2016-7528", "CVE-2014-9835", "CVE-2016-8862", "CVE-2014-9805", "CVE-2016-7522", "CVE-2016-8684", "CVE-2014-9846", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7101", "CVE-2016-8682", "CVE-2016-5118"], "modified": "2016-12-08T18:09:17", "id": "OPENSUSE-SU-2016:3060-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:57", "description": "ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file.\n (bsc#983774).\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).\n - CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014).\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n - CVE-2014-9822: Heap overflow in quantum file (bsc#984187).\n - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder\n (bsc#984144).\n - CVE-2014-9846: Added checks to prevent overflow in rle file.\n (bsc#983521).\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n - CVE-2014-9848: Memory leak in quantum management (bsc#984404).\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in\n ImageMagick made an incorrect function call in attempting to locate the\n next token, which allowed remote attackers to cause a denial of service\n (buffer overflow and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983308).\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in\n ImageMagick mishandled the relationship between the BezierQuantum value\n and certain strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application crash) or possibly\n have unspecified other impact via a crafted file (bsc#983305).\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in\n ImageMagick mishandled calculations of certain vertices integer data,\n which allowed remote attackers to cause a denial of service (buffer\n overflow and application crash) or possibly have unspecified other\n impact via a crafted file (bsc#983292).\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609).\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could\n have lead to memory leak (bnc#986608).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2016-07-20T12:09:04", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2016-07-20T12:09:04", "id": "OPENSUSE-SU-2016:1833-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:38:56", "description": "ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n - CVE-2014-9806: Leaked file descriptor due to corrupted file (bsc#983774).\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).\n - CVE-2014-9821: Avoid heap overflow in pnm files (bsc#984014).\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n - CVE-2014-9822: Heap overflow in quantum file (bsc#984187).\n - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n - CVE-2014-9809: SEGV due to corrupted xwd images (bsc#983799).\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder\n (bsc#984144).\n - CVE-2014-9846: Added checks to prevent overflow in rle file (bsc#983521).\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n - CVE-2014-9848: Memory leak in quantum management (bsc#984404).\n - CVE-2014-9807: Double free in pdb coder (bsc#983794).\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n - CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752).\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in\n ImageMagick made an incorrect function call in attempting to locate the\n next token, which allowed remote attackers to cause a denial of service\n (buffer overflow and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983308).\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in\n ImageMagick mishandled the relationship between the BezierQuantum value\n and certain strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application crash) or possibly\n have unspecified other impact via a crafted file (bsc#983305).\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in\n ImageMagick mishandled calculations of certain vertices integer data,\n which allowed remote attackers to cause a denial of service (buffer\n overflow and application crash) or possibly have unspecified other\n impact via a crafted file (bsc#983292).\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n - CVE-2016-5841: Out-of-bounds read in MagickCore/property.c:1396 could\n lead to memory leak/ Integer overflow read to RCE (bnc#986609).\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could\n lead to memory leak/ Integer overflow read to RCE (bnc#986608).\n\n", "cvss3": {}, "published": "2016-07-06T21:04:22", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2016-07-06T21:04:22", "id": "OPENSUSE-SU-2016:1748-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:38:56", "description": "ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file.\n (bsc#983774).\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).\n - CVE-2014-9821: Avoid heap overflow in pnm files. (bsc#984014).\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n - CVE-2014-9822: Heap overflow in quantum file (bsc#984187).\n - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n - CVE-2014-9847: Incorrect handling of "previous" image in the JNG decoder\n (bsc#984144).\n - CVE-2014-9846: Added checks to prevent overflow in rle file.\n (bsc#983521).\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n - CVE-2014-9848: Memory leak in quantum management (bsc#984404).\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in\n ImageMagick made an incorrect function call in attempting to locate the\n next token, which allowed remote attackers to cause a denial of service\n (buffer overflow and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983308).\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in\n ImageMagick mishandled the relationship between the BezierQuantum value\n and certain strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application crash) or possibly\n have unspecified other impact via a crafted file (bsc#983305).\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in\n ImageMagick mishandled calculations of certain vertices integer data,\n which allowed remote attackers to cause a denial of service (buffer\n overflow and application crash) or possibly have unspecified other\n impact via a crafted file (bsc#983292).\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609).\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could\n have lead to memory leak (bnc#986608).\n\n", "cvss3": {}, "published": "2016-07-11T16:26:48", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2016-07-11T16:26:48", "id": "SUSE-SU-2016:1784-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-05-19T14:23:55", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]\n\n - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136]\n\n - CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159]\n\n - CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318]\n\n - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9848", "CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9556", "CVE-2016-9559", "CVE-2016-9773"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3258-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3258-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96139);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9848\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-9773\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-9556 Possible Heap-overflow found by fuzzing\n [bsc#1011130]\n\n - CVE-2016-9559 Possible NULL pointer access found by\n fuzzing [bsc#1011136]\n\n - CVE-2016-8707 Possible code execution in Tiff conver\n utility [bsc#1014159]\n\n - CVE-2016-8866 Memory allocation failure in\n AcquireMagickMemory could lead to Heap overflow\n [bsc#1009318]\n\n - CVE-2016-9559 Possible NULL pointer access found by\n fuzzing [bsc#1011136]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9848/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8707/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8866/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9556/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9559/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9773/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163258-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f350aff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2016-1905=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1905=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1905=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1905=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1905=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1905=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1905=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1905=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1905=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debugsource-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-54.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:40", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]\n\n - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136]\n\n - CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159]\n\n - CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318]\n\n - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2017-14)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9848", "CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9556", "CVE-2016-9559", "CVE-2016-9773"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-14.NASL", "href": "https://www.tenable.com/plugins/nessus/96296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-14.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96296);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9848\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-9773\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2017-14)\");\n script_summary(english:\"Check for the openSUSE-2017-14 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-9556 Possible Heap-overflow found by fuzzing\n [bsc#1011130]\n\n - CVE-2016-9559 Possible NULL pointer access found by\n fuzzing [bsc#1011136]\n\n - CVE-2016-8707 Possible code execution in Tiff conver\n utility [bsc#1014159]\n\n - CVE-2016-8866 Memory allocation failure in\n AcquireMagickMemory could lead to Heap overflow\n [bsc#1009318]\n\n - CVE-2016-9559 Possible NULL pointer access found by\n fuzzing [bsc#1011136]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014159\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debuginfo-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debugsource-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-devel-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-devel-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:43", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130]\n\n - CVE-2016-9559: Possible NULL pointer access found by fuzzing [bsc#1011136]\n\n - CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159]\n\n - CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376]\n\n - CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7530", "CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9556", "CVE-2016-9559", "CVE-2016-9773"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3256-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3256-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96138);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7530\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-9773\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-9556: Possible Heap-overflow found by fuzzing\n [bsc#1011130]\n\n - CVE-2016-9559: Possible NULL pointer access found by\n fuzzing [bsc#1011136]\n\n - CVE-2016-8707: Possible code execution in the tiff\n deflate convert code [bsc#1014159]\n\n - CVE-2016-9773: Possible Heap overflow in IsPixelGray\n [bsc#1013376]\n\n - CVE-2016-8866: Possible memory allocation failure in\n AcquireMagickMemory [bsc#1009318]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8707/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8866/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9556/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9559/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9773/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163256-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abec5552\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-12917=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-12917=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-12917=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.60.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:27", "description": "This security update for ImageMagick fixes the following issues :\n\n - a maliciously crafted compressed TIFF image could cause code remote code execution in the convert utility in particular circumstances (CVE-2016-8707, boo#1014159)\n\n - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318, follow up on CVE-2016-8862)\n\n - the identify utility could crash on maliciously crafted images (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-1512)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9556", "CVE-2016-9773"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1512.NASL", "href": "https://www.tenable.com/plugins/nessus/96133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1512.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96133);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-8707\", \"CVE-2016-8862\", \"CVE-2016-8866\", \"CVE-2016-9556\", \"CVE-2016-9773\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-1512)\");\n script_summary(english:\"Check for the openSUSE-2016-1512 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update for ImageMagick fixes the following issues :\n\n - a maliciously crafted compressed TIFF image could cause\n code remote code execution in the convert utility in\n particular circumstances (CVE-2016-8707, boo#1014159)\n\n - a memory allocation failure was fixed (CVE-2016-8866,\n boo#1009318, follow up on CVE-2016-8862)\n\n - the identify utility could crash on maliciously crafted\n images (CVE-2016-9773, boo#1013376, follow up on\n CVE-2016-9556)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014159\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debuginfo-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debugsource-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-devel-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-debuginfo-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-debuginfo-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-devel-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-debuginfo-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-32bit-6.8.9.8-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-45.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:40:38", "description": "The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-9. It is, therefore, affected by a denial of service vulnerability due to an out-of-bounds read error in the ReadSGIImage() function within file coders/sgi.c when handling iris info dimensions.\nAn unauthenticated, remote attacker can exploit this to crash a process linked against the library or possibly disclose memory contents.\n\nNote that CVE-2016-9773 exists due to an incomplete fix for CVE-2016-9556.", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "ImageMagick 7.x < 7.0.3-9 ReadSGIImage() SGI File Handling DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9556", "CVE-2016-9773"], "modified": "2023-07-07T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_7_0_3_9.NASL", "href": "https://www.tenable.com/plugins/nessus/95722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95722);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/07\");\n\n script_cve_id(\"CVE-2016-9556\", \"CVE-2016-9773\");\n script_bugtraq_id(94492);\n\n script_name(english:\"ImageMagick 7.x < 7.0.3-9 ReadSGIImage() SGI File Handling DoS\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ImageMagick installed on the remote Windows host is 7.x\nprior to 7.0.3-9. It is, therefore, affected by a denial of service\nvulnerability due to an out-of-bounds read error in the ReadSGIImage()\nfunction within file coders/sgi.c when handling iris info dimensions.\nAn unauthenticated, remote attacker can exploit this to crash a\nprocess linked against the library or possibly disclose memory\ncontents.\n\nNote that CVE-2016-9773 exists due to an incomplete fix for\nCVE-2016-9556.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/ImageMagick/ImageMagick/issues/301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/ImageMagick/ImageMagick/issues/312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q4/469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q4/550\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 7.0.3-9 or later. Note that you may\nalso need to manually uninstall the vulnerable version from the\nsystem.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::imagemagick::initialize();\nvar app_info = vcf::imagemagick::get_app_info();\n\nvar constraints = [\n {'min_version' : '7.0.0-0', 'fixed_version' : '7.0.3-9'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:11", "description": "This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130)\n\n - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136)", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1415)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9556", "CVE-2016-9559"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1415.NASL", "href": "https://www.tenable.com/plugins/nessus/95595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1415.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95595);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9556\", \"CVE-2016-9559\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1415)\");\n script_summary(english:\"Check for the openSUSE-2016-1415 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2016-9556: Maliciously crafted image headers could\n cause denial of service in image format detection\n routines (boo#1011130)\n\n - CVE-2016-9559: Maliciously crafted image headers could\n cause denial of service in image format detection\n routines for TIFF (boo#1011136)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011136\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debuginfo-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debugsource-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-devel-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-debuginfo-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-devel-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick3-config-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-1.3.21-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-debuginfo-1.3.21-20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:38", "description": "This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130)\n\n - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136)", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1414)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9556", "CVE-2016-9559"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1414.NASL", "href": "https://www.tenable.com/plugins/nessus/95594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1414.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95594);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9556\", \"CVE-2016-9559\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1414)\");\n script_summary(english:\"Check for the openSUSE-2016-1414 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2016-9556: Maliciously crafted image headers could\n cause denial of service in image format detection\n routines (boo#1011130)\n\n - CVE-2016-9559: Maliciously crafted image headers could\n cause denial of service in image format detection\n routines for TIFF (boo#1011136)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011136\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debuginfo-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debugsource-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-devel-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-debuginfo-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-devel-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick3-config-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-1.3.20-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.20-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:11", "description": "This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130)\n\n - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136)", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-1413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9556", "CVE-2016-9559"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/95593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1413.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95593);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9556\", \"CVE-2016-9559\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-1413)\");\n script_summary(english:\"Check for the openSUSE-2016-1413 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2016-9556: Maliciously crafted image headers could\n cause denial of service in image format detection\n routines (boo#1011130)\n\n - CVE-2016-9559: Maliciously crafted image headers could\n cause denial of service in image format detection\n routines for TIFF (boo#1011136)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011136\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debuginfo-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debugsource-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-devel-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-debuginfo-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-debuginfo-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-devel-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-debuginfo-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-32bit-6.8.9.8-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:07", "description": "Numerous vulnerabilities were discovered in ImageMagick, an image manipulation program. Issues include memory exception, heap, buffer and stack overflows, out of bound reads and missing checks.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u10.\n\nThe exact impact of the vulnerabilities is unknown, as they were mostly discovered through fuzzing. We still recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "Debian DLA-756-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9556"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-756.NASL", "href": "https://www.tenable.com/plugins/nessus/96051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-756-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96051);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-8707\", \"CVE-2016-8862\", \"CVE-2016-8866\", \"CVE-2016-9556\");\n\n script_name(english:\"Debian DLA-756-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Numerous vulnerabilities were discovered in ImageMagick, an image\nmanipulation program. Issues include memory exception, heap, buffer\nand stack overflows, out of bound reads and missing checks.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u10.\n\nThe exact impact of the vulnerabilities is unknown, as they were\nmostly discovered through fuzzing. We still recommend that you upgrade\nyour imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-08T14:40:00", "description": "The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.6-5. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c.\nAn unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "ImageMagick 6.x < 6.9.6-5 TIFFGetProperties() NULL Pointer Dereference DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9559"], "modified": "2023-07-07T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_6_9_6_5.NASL", "href": "https://www.tenable.com/plugins/nessus/95719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95719);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/07\");\n\n script_cve_id(\"CVE-2016-9559\");\n script_bugtraq_id(94489);\n\n script_name(english:\"ImageMagick 6.x < 6.9.6-5 TIFFGetProperties() NULL Pointer Dereference DoS\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ImageMagick installed on the remote Windows host is 6.x\nprior to 6.9.6-5. It is, therefore, affected by a denial of service\nvulnerability due to a NULL pointer dereference flaw in the\nTIFFGetProperties() function within file coders/tiff.c.\nAn unauthenticated, remote attacker can exploit this, via a specially\ncrafted TIFF image, to crash a process linked against the library.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/ImageMagick/ImageMagick/issues/298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q4/472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 6.9.6-5 or later. Note that you may\nalso need to manually uninstall the vulnerable version from the\nsystem.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9559\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::imagemagick::initialize();\nvar app_info = vcf::imagemagick::get_app_info();\n\nvar constraints = [\n {'min_version' : '6.0.0-0', 'fixed_version' : '6.9.6-5'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-08T14:40:44", "description": "The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-7. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c. An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "ImageMagick 7.x < 7.0.3-7 TIFFGetProperties() NULL Pointer Dereference DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9559"], "modified": "2023-07-07T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_7_0_3_7.NASL", "href": "https://www.tenable.com/plugins/nessus/95721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95721);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/07\");\n\n script_cve_id(\"CVE-2016-9559\");\n script_bugtraq_id(94489);\n\n script_name(english:\"ImageMagick 7.x < 7.0.3-7 TIFFGetProperties() NULL Pointer Dereference DoS\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ImageMagick installed on the remote Windows host is 7.x\nprior to 7.0.3-7. It is, therefore, affected by a denial of service\nvulnerability due to a NULL pointer dereference flaw in the\nTIFFGetProperties() function within file coders/tiff.c. An\nunauthenticated, remote attacker can exploit this, via a specially\ncrafted TIFF image, to crash a process linked against the library.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/ImageMagick/ImageMagick/issues/298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q4/472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 7.0.3-7 or later. Note that you may\nalso need to manually uninstall the vulnerable version from the\nsystem.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9559\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::imagemagick::initialize();\nvar app_info = vcf::imagemagick::get_app_info();\n\nvar constraints = [\n {'min_version' : '7.0.0-0', 'fixed_version' : '7.0.3-7'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-08T14:39:54", "description": "The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.6-6. It is, therefore, affected by a denial of service vulnerability due to an out-of-bounds read error in the ReadSGIImage() function within file coders/sgi.c when handling iris info dimensions.\nAn unauthenticated, remote attacker can exploit this to crash a process linked against the library or possibly disclose memory contents.", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "ImageMagick 6.x < 6.9.6-6 ReadSGIImage() SGI File Handling DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9556"], "modified": "2023-07-07T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_6_9_6_6.NASL", "href": "https://www.tenable.com/plugins/nessus/95720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95720);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/07\");\n\n script_cve_id(\"CVE-2016-9556\");\n script_bugtraq_id(94492);\n\n script_name(english:\"ImageMagick 6.x < 6.9.6-6 ReadSGIImage() SGI File Handling DoS\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ImageMagick installed on the remote Windows host is 6.x\nprior to 6.9.6-6. It is, therefore, affected by a denial of service\nvulnerability due to an out-of-bounds read error in the ReadSGIImage()\nfunction within file coders/sgi.c when handling iris info dimensions.\nAn unauthenticated, remote attacker can exploit this to crash a\nprocess linked against the library or possibly disclose memory\ncontents.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/ImageMagick/ImageMagick/issues/301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q4/469\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 6.9.6-6 or later. Note that you may\nalso need to manually uninstall the vulnerable version from the\nsystem.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::imagemagick::initialize();\nvar app_info = vcf::imagemagick::get_app_info();\n\nvar constraints = [\n {'min_version' : '6.0.0-0', 'fixed_version' : '6.9.6-6'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:39", "description": "Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "Debian DSA-3726-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-8862", "CVE-2016-9556", "CVE-2016-9559"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3726.NASL", "href": "https://www.tenable.com/plugins/nessus/95362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3726. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95362);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\", \"CVE-2016-9556\", \"CVE-2016-9559\");\n script_xref(name:\"DSA\", value:\"3726\");\n\n script_name(english:\"Debian DSA-3726-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3726\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:54", "description": "This security update for GraphicsMagick fixes the following issues :\n\n - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318)\n\n - maliciously crafted jng files could crash the identify utility (CVE-2016-9830, boo#1013640)", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8866", "CVE-2016-9830"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1511.NASL", "href": "https://www.tenable.com/plugins/nessus/96132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1511.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96132);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-8866\", \"CVE-2016-9830\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1511)\");\n script_summary(english:\"Check for the openSUSE-2016-1511 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update for GraphicsMagick fixes the following issues :\n\n - a memory allocation failure was fixed (CVE-2016-8866,\n boo#1009318)\n\n - maliciously crafted jng files could crash the identify\n utility (CVE-2016-9830, boo#1013640)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013640\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debuginfo-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debugsource-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-devel-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-debuginfo-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-devel-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick3-config-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.20-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debuginfo-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debugsource-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-devel-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-debuginfo-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-devel-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick3-config-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-debuginfo-1.3.21-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:14", "description": "Multiple sources report :\n\nCVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31\n\nCVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.\n\nCVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "FreeBSD : ImageMagick7 -- multiple vulnerabilities (e1f67063-aab4-11e6-b2d3-60a44ce6887b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9298"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:imagemagick7", "p-cpe:/a:freebsd:freebsd:imagemagick7-nox11", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E1F67063AAB411E6B2D360A44CE6887B.NASL", "href": "https://www.tenable.com/plugins/nessus/95514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95514);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8862\", \"CVE-2016-8866\", \"CVE-2016-9298\");\n\n script_name(english:\"FreeBSD : ImageMagick7 -- multiple vulnerabilities (e1f67063-aab4-11e6-b2d3-60a44ce6887b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple sources report :\n\nCVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in\nImageMagick7-7.0.3.6, discovered 2016-10-31\n\nCVE-2016-8866: memory allocation failure in AcquireMagickMemory\n(incomplete previous fix for CVE-2016-8862), not fixed yet with the\nrelease of this announcement, re-discovered 2016-10-13.\n\nCVE-2016-8862: memory allocation failure in AcquireMagickMemory,\ninitially partially fixed in ImageMagick7-7.0.3.3, discovered\n2016-09-14.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/ImageMagick/ImageMagick/issues/296\"\n );\n # https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7bfc22fd\"\n );\n # https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c76db473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214514\"\n );\n # https://vuxml.freebsd.org/freebsd/e1f67063-aab4-11e6-b2d3-60a44ce6887b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fae14312\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick7-nox11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick7<7.0.3.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick7-nox11<7.0.3.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:33", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3142-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-8862", "CVE-2016-9556"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b4", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3142-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3142-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95427);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n script_xref(name:\"USN\", value:\"3142-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3142-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3142-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"imagemagick\", pkgver:\"8:6.6.9.7-5ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagick++4\", pkgver:\"8:6.6.9.7-5ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4\", pkgver:\"8:6.6.9.7-5ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4-extra\", pkgver:\"8:6.6.9.7-5ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu8.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:35", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.", "cvss3": {}, "published": "2017-03-02T00:00:00", "type": "nessus", "title": "Debian DSA-3799-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10062", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-8707", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3799.NASL", "href": "https://www.tenable.com/plugins/nessus/97475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3799. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97475);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_xref(name:\"DSA\", value:\"3799\");\n\n script_name(english:\"Debian DSA-3799-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of\narbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are\nprocessed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3799\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:51", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3222-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10062", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-8707", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b4", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3222-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3222-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97634);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_xref(name:\"USN\", value:\"3222-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3222-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3222-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"imagemagick\", pkgver:\"8:6.6.9.7-5ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagick++4\", pkgver:\"8:6.6.9.7-5ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4\", pkgver:\"8:6.6.9.7-5ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4-extra\", pkgver:\"8:6.6.9.7-5ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu8.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:50", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-14482", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:imagemagick", "p-cpe:/a:fedoraproject:fedora:windowmaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-image-subimagefind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3A568ADB31.NASL", "href": "https://www.tenable.com/plugins/nessus/103333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3a568adb31.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103333);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-14482\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n\n script_name(english:\"Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a568adb31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"emacs-25.3-3.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ImageMagick-6.9.9.13-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"WindowMaker-0.95.7-3.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"autotrace-0.31.1-49.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"converseen-0.9.6.2-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"drawtiming-0.7.1-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"gtatool-2.2.0-6.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"imageinfo-0.05-27.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"k3d-0.8.0.6-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"kxstitch-1.2.0-9.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"perl-Image-SubImageFind-0.03-13.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"pfstools-2.0.6-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"php-pecl-imagick-3.4.3-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"psiconv-0.9.8-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"q-7.11-29.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ripright-0.11-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rss-glx-0.9.1.p-27.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rmagick-2.16.0-4.fc25.2\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfig-1.2.0-1.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfigstudio-1.2.0-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"techne-0.2.3-20.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vips-8.4.4-1.fc25.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:12", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:imagemagick", "p-cpe:/a:fedoraproject:fedora:windowmaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:dmtx-utils", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-image-subimagefind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-8F27031C8F.NASL", "href": "https://www.tenable.com/plugins/nessus/103314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8f27031c8f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103314);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11448\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n\n script_name(english:\"Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f27031c8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dmtx-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"emacs-25.3-3.fc26\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"ImageMagick-6.9.9.13-1.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"WindowMaker-0.95.8-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"autotrace-0.31.1-49.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"converseen-0.9.6.2-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"dmtx-utils-0.7.4-4.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"drawtiming-0.7.1-22.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"gtatool-2.2.0-6.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"imageinfo-0.05-27.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"k3d-0.8.0.6-8.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"kxstitch-1.2.0-9.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"perl-Image-SubImageFind-0.03-13.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"pfstools-2.0.6-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"php-pecl-imagick-3.4.3-2.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"psiconv-0.9.8-22.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"q-7.11-29.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"ripright-0.11-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rss-glx-0.9.1.p-29.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rubygem-rmagick-2.16.0-4.fc26.2\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"synfig-1.2.0-9.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"synfigstudio-1.2.0-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"techne-0.2.3-20.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"vips-8.5.8-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:48", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308)\n\n - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310)\n\n - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311)\n\n - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312)\n\n - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)\n\n - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314).\n\n - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318)\n\n - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319).\n\n - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320).\n\n - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321)\n\n - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322)\n\n - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324)\n\n - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326).\n\n - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433).\n\n - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435).\n\n - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443)\n\n - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436).\n\n - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439).\n\n - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441).\n\n - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:0586-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10046", "CVE-2016-10048", "CVE-2016-10049", "CVE-2016-10050", "CVE-2016-10051", "CVE-2016-10052", "CVE-2016-10059", "CVE-2016-10060", "CVE-2016-10063", "CVE-2016-10064", "CVE-2016-10065", "CVE-2016-10068", "CVE-2016-10070", "CVE-2016-10071", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-9773", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5511"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0586-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97495", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0586-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97495);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10046\", \"CVE-2016-10048\", \"CVE-2016-10049\", \"CVE-2016-10050\", \"CVE-2016-10051\", \"CVE-2016-10052\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10068\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-9773\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5511\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:0586-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-10046: Prevent buffer overflow in draw.c caused\n by an incorrect length calculation (bsc#1017308)\n\n - CVE-2016-10048: Arbitrary module could have been load\n because relative path were not escaped (bsc#1017310)\n\n - CVE-2016-10049: Corrupt RLE files could have overflowed\n a buffer due to a incorrect length calculation\n (bsc#1017311)\n\n - CVE-2016-10050: Corrupt RLE files could have overflowed\n a heap buffer due to a missing offset check\n (bsc#1017312)\n\n - CVE-2016-10051: Fixed use after free when reading PWP\n files (bsc#1017313)\n\n - CVE-2016-10052: Added bound check to exif parsing of\n JPEG files (bsc#1017314).\n\n - CVE-2016-10059: Unchecked calculation when reading TIFF\n files could have lead to a buffer overflow (bsc#1017318)\n\n - CVE-2016-10060: Improved error handling when writing\n files to not mask errors (bsc#1017319).\n\n - CVE-2016-10063: Check validity of extend during TIFF\n file reading (bsc#1017320).\n\n - CVE-2016-10064: Improved checks for buffer overflow when\n reading TIFF files (bsc#1017321)\n\n - CVE-2016-10065: Unchecked calculations when reading VIFF\n files could have lead to out of bound reads\n (bsc#1017322)\n\n - CVE-2016-10068: Prevent NULL pointer access when using\n the MSL interpreter (bsc#1017324)\n\n - CVE-2016-10070: Prevent allocating the wrong amount of\n memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10071: Prevent allocating the wrong amount of\n memory when reading mat files (bsc#1017326).\n\n - CVE-2016-10144: Added a check after allocating memory\n when parsing IPL files (bsc#1020433).\n\n - CVE-2016-10145: Fixed of-by-one in string copy operation\n when parsing WPG files (bsc#1020435).\n\n - CVE-2016-10146: Captions and labels were handled\n incorrectly, causing a memory leak that could have lead\n to DoS (bsc#1020443)\n\n - CVE-2017-5506: Missing offset check leading to a\n double-free (bsc#1020436).\n\n - CVE-2017-5507: Fixed a memory leak when reading MPC\n files allowing for DoS (bsc#1020439).\n\n - CVE-2017-5508: Increase the amount of memory allocated\n for TIFF pixels to prevent a heap buffer-overflow\n (bsc#1020441).\n\n - CVE-2017-5511: A missing cast when reading PSD files\n could have caused memory corruption by a heap overflow\n (bsc#1020448) This update removes the fix for\n CVE-2016-9773. ImageMagick-6 was not affected by\n CVE-2016-9773 and it caused a regression (at least in\n GraphicsMagick) (bsc#1017421).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10046/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10050/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10059/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10063/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10065/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10068/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10071/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5506/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5507/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5508/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5511/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170586-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aba767dd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-12998=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-12998=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-12998=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.65.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:17:43", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308)\n\n - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310)\n\n - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311)\n\n - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312)\n\n - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)\n\n - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314)\n\n - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318)\n\n - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319)\n\n - CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319).\n\n - CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319).\n\n - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320)\n\n - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321)\n\n - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322)\n\n - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324)\n\n - CVE-2016-10069: Add check for invalid mat file (bsc#1017325).\n\n - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433)\n\n - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435)\n\n - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443)\n\n - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436)\n\n - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439)\n\n - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441)\n\n - CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446).\n\n - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:0529-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10046", "CVE-2016-10048", "CVE-2016-10049", "CVE-2016-10050", "CVE-2016-10051", "CVE-2016-10052", "CVE-2016-10059", "CVE-2016-10060", "CVE-2016-10061", "CVE-2016-10062", "CVE-2016-10063", "CVE-2016-10064", "CVE-2016-10065", "CVE-2016-10068", "CVE-2016-10069", "CVE-2016-10070", "CVE-2016-10071", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-9773", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0529-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0529-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97317);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10046\", \"CVE-2016-10048\", \"CVE-2016-10049\", \"CVE-2016-10050\", \"CVE-2016-10051\", \"CVE-2016-10052\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-9773\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:0529-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-10046: Prevent buffer overflow in draw.c caused\n by an incorrect length calculation (bsc#1017308)\n\n - CVE-2016-10048: Arbitrary module could have been load\n because relative path were not escaped (bsc#1017310)\n\n - CVE-2016-10049: Corrupt RLE files could have overflowed\n a buffer due to a incorrect length calculation\n (bsc#1017311)\n\n - CVE-2016-10050: Corrupt RLE files could have overflowed\n a heap buffer due to a missing offset check\n (bsc#1017312)\n\n - CVE-2016-10051: Fixed use after free when reading PWP\n files (bsc#1017313)\n\n - CVE-2016-10052: Added bound check to exif parsing of\n JPEG files (bsc#1017314)\n\n - CVE-2016-10059: Unchecked calculation when reading TIFF\n files could have lead to a buffer overflow (bsc#1017318)\n\n - CVE-2016-10060: Improved error handling when writing\n files to not mask errors (bsc#1017319)\n\n - CVE-2016-10061: Improved error handling when writing\n files to not mask errors (bsc#1017319).\n\n - CVE-2016-10062: Improved error handling when writing\n files to not mask errors (bsc#1017319).\n\n - CVE-2016-10063: Check validity of extend during TIFF\n file reading (bsc#1017320)\n\n - CVE-2016-10064: Improved checks for buffer overflow when\n reading TIFF files (bsc#1017321)\n\n - CVE-2016-10065: Unchecked calculations when reading VIFF\n files could have lead to out of bound reads\n (bsc#1017322)\n\n - CVE-2016-10068: Prevent NULL pointer access when using\n the MSL interpreter (bsc#1017324)\n\n - CVE-2016-10069: Add check for invalid mat file\n (bsc#1017325).\n\n - CVE-2016-10070: Prevent allocating the wrong amount of\n memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10071: Prevent allocating the wrong amount of\n memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10144: Added a check after allocating memory\n when parsing IPL files (bsc#1020433)\n\n - CVE-2016-10145: Fixed of-by-one in string copy operation\n when parsing WPG files (bsc#1020435)\n\n - CVE-2016-10146: Captions and labels were handled\n incorrectly, causing a memory leak that could have lead\n to DoS (bsc#1020443)\n\n - CVE-2017-5506: Missing offset check leading to a\n double-free (bsc#1020436)\n\n - CVE-2017-5507: Fixed a memory leak when reading MPC\n files allowing for DoS (bsc#1020439)\n\n - CVE-2017-5508: Increase the amount of memory allocated\n for TIFF pixels to prevent a heap buffer-overflow\n (bsc#1020441)\n\n - CVE-2017-5510: Prevent out-of-bounds write when reading\n PSD files (bsc#1020446).\n\n - CVE-2017-5511: A missing cast when reading PSD files\n could have caused memory corruption by a heap overflow\n (bsc#1020448) This update removes the fix for\n CVE-2016-9773. ImageMagick-6 was not affected by\n CVE-2016-9773 and it caused a regression (at least in\n GraphicsMagick) (bsc#1017421).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10046/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10050/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10059/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10061/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10062/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10063/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10065/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10068/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10071/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5506/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5507/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5508/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5510/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5511/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170529-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a06fcd2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-273=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-273=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-273=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-273=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-273=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-273=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-273=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-273=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-273=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debugsource-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-59.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:09", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308)\n\n - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310)\n\n - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311)\n\n - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312)\n\n - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)\n\n - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314)\n\n - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318)\n\n - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319)\n\n - CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319).\n\n - CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319).\n\n - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320)\n\n - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321)\n\n - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322)\n\n - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324)\n\n - CVE-2016-10069: Add check for invalid mat file (bsc#1017325).\n\n - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433)\n\n - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435)\n\n - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443)\n\n - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436)\n\n - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439)\n\n - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441)\n\n - CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446).\n\n - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448)\n\nThis update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-03-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2017-303)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10046", "CVE-2016-10048", "CVE-2016-10049", "CVE-2016-10050", "CVE-2016-10051", "CVE-2016-10052", "CVE-2016-10059", "CVE-2016-10060", "CVE-2016-10061", "CVE-2016-10062", "CVE-2016-10063", "CVE-2016-10064", "CVE-2016-10065", "CVE-2016-10068", "CVE-2016-10069", "CVE-2016-10070", "CVE-2016-10071", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-9773", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-303.NASL", "href": "https://www.tenable.com/plugins/nessus/97562", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-303.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97562);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10046\", \"CVE-2016-10048\", \"CVE-2016-10049\", \"CVE-2016-10050\", \"CVE-2016-10051\", \"CVE-2016-10052\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-9773\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2017-303)\");\n script_summary(english:\"Check for the openSUSE-2017-303 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-10046: Prevent buffer overflow in draw.c caused\n by an incorrect length calculation (bsc#1017308)\n\n - CVE-2016-10048: Arbitrary module could have been load\n because relative path were not escaped (bsc#1017310)\n\n - CVE-2016-10049: Corrupt RLE files could have overflowed\n a buffer due to a incorrect length calculation\n (bsc#1017311)\n\n - CVE-2016-10050: Corrupt RLE files could have overflowed\n a heap buffer due to a missing offset check\n (bsc#1017312)\n\n - CVE-2016-10051: Fixed use after free when reading PWP\n files (bsc#1017313)\n\n - CVE-2016-10052: Added bound check to exif parsing of\n JPEG files (bsc#1017314)\n\n - CVE-2016-10059: Unchecked calculation when reading TIFF\n files could have lead to a buffer overflow (bsc#1017318)\n\n - CVE-2016-10060: Improved error handling when writing\n files to not mask errors (bsc#1017319)\n\n - CVE-2016-10061: Improved error handling when writing\n files to not mask errors (bsc#1017319).\n\n - CVE-2016-10062: Improved error handling when writing\n files to not mask errors (bsc#1017319).\n\n - CVE-2016-10063: Check validity of extend during TIFF\n file reading (bsc#1017320)\n\n - CVE-2016-10064: Improved checks for buffer overflow when\n reading TIFF files (bsc#1017321)\n\n - CVE-2016-10065: Unchecked calculations when reading VIFF\n files could have lead to out of bound reads\n (bsc#1017322)\n\n - CVE-2016-10068: Prevent NULL pointer access when using\n the MSL interpreter (bsc#1017324)\n\n - CVE-2016-10069: Add check for invalid mat file\n (bsc#1017325).\n\n - CVE-2016-10070: Prevent allocating the wrong amount of\n memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10071: Prevent allocating the wrong amount of\n memory when reading mat files (bsc#1017326)\n\n - CVE-2016-10144: Added a check after allocating memory\n when parsing IPL files (bsc#1020433)\n\n - CVE-2016-10145: Fixed of-by-one in string copy operation\n when parsing WPG files (bsc#1020435)\n\n - CVE-2016-10146: Captions and labels were handled\n incorrectly, causing a memory leak that could have lead\n to DoS (bsc#1020443)\n\n - CVE-2017-5506: Missing offset check leading to a\n double-free (bsc#1020436)\n\n - CVE-2017-5507: Fixed a memory leak when reading MPC\n files allowing for DoS (bsc#1020439)\n\n - CVE-2017-5508: Increase the amount of memory allocated\n for TIFF pixels to prevent a heap buffer-overflow\n (bsc#1020441)\n\n - CVE-2017-5510: Prevent out-of-bounds write when reading\n PSD files (bsc#1020446).\n\n - CVE-2017-5511: A missing cast when reading PSD files\n could have caused memory corruption by a heap overflow\n (bsc#1020448)\n\nThis update removes the fix for CVE-2016-9773. ImageMagick-6 was not\naffected by CVE-2016-9773 and it caused a regression (at least in\nGraphicsMagick) (bsc#1017421).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020448\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debugsource-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-devel-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-devel-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-03T14:55:32", "description": "This update for GraphicsMagick fixes the following issues :\n\n - a possible shell execution attack was fixed. if the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell (CVE-2016-5118, boo#982178)\n\n - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805, [boo#983752])\n\n - Prevent overflow in rle files (CVE-2014-9846, boo#983521)\n\n - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)\n\n - Fix a possible crash due to corrupted xwd images (CVE-2014-9809, boo#983799)\n\n - Fix a possible crash due to corrupted wpg images (CVE-2014-9815, boo#984372)\n\n - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817, boo#984400)\n\n - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)\n\n - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)\n\n - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375)\n\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n\n - Fix a possible crash due to corrupted dib file (CVE-2014-9845, boo#984394)\n\n - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)\n\n - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)\n\n - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)\n\n - Fix out of bound access for malformed psd file (CVE-2016-7522, boo#1000698)\n\n - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)\n\n - Fix out of bound access in corrupted wpg files (CVE-2016-7533, boo#1000707)\n\n - Fix out of bound access in corrupted pdb files (CVE-2016-7537, boo#1000711)\n\n - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)\n\n - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)\n\n - Divide by zero in WriteTIFFImage (do not divide by zero in WriteTIFFImage, boo#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer overflow, boo#1002209)\n\n - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800, boo#1002422)\n\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)\n\n - Mismatch between real filesize and header values (CVE-2016-8684, boo#1005123)\n\n - Stack-buffer read overflow while reading SCT header (CVE-2016-8682, boo#1005125)\n\n - Check that filesize is reasonable compared to the header value (CVE-2016-8683, boo#1005127)\n\n - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862, boo#1007245)\n\n - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9805", "CVE-2014-9807", "CVE-2014-9809", "CVE-2014-9815", "CVE-2014-9817", "CVE-2014-9820", "CVE-2014-9831", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9837", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9853", "CVE-2016-5118", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7515", "CVE-2016-7522", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684", "CVE-2016-8862", "CVE-2016-9556"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1430.NASL", "href": "https://www.tenable.com/plugins/nessus/95704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1430.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95704);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9807\", \"CVE-2014-9809\", \"CVE-2014-9815\", \"CVE-2014-9817\", \"CVE-2014-9820\", \"CVE-2014-9831\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9837\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9853\", \"CVE-2016-5118\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7522\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7537\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)\");\n script_summary(english:\"Check for the openSUSE-2016-1430 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - a possible shell execution attack was fixed. if the\n first character of an input filename for 'convert' was a\n '|' then the remainder of the filename was passed to the\n shell (CVE-2016-5118, boo#982178)\n\n - Maliciously crafted pnm files could crash GraphicsMagick\n (CVE-2014-9805, [boo#983752])\n\n - Prevent overflow in rle files (CVE-2014-9846,\n boo#983521)\n\n - Fix a double free in pdb coder (CVE-2014-9807,\n boo#983794)\n\n - Fix a possible crash due to corrupted xwd images\n (CVE-2014-9809, boo#983799)\n\n - Fix a possible crash due to corrupted wpg images\n (CVE-2014-9815, boo#984372)\n\n - Fix a heap buffer overflow in pdb file handling\n (CVE-2014-9817, boo#984400)\n\n - Fix a heap overflow in xpm files (CVE-2014-9820,\n boo#984150)\n\n - Fix a heap overflow in pict files (CVE-2014-9834,\n boo#984436)\n\n - Fix a heap overflow in wpf files (CVE-2014-9835,\n CVE-2014-9831, boo#984145, boo#984375)\n\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n\n - Fix a possible crash due to corrupted dib file\n (CVE-2014-9845, boo#984394)\n\n - Fix out of bound in quantum handling (CVE-2016-7529,\n boo#1000399)\n\n - Fix out of bound access in xcf file coder\n (CVE-2016-7528, boo#1000434)\n\n - Fix handling of corrupted lle files (CVE-2016-7515,\n boo#1000689)\n\n - Fix out of bound access for malformed psd file\n (CVE-2016-7522, boo#1000698)\n\n - Fix out of bound access for pbd files (CVE-2016-7531,\n boo#1000704)\n\n - Fix out of bound access in corrupted wpg files\n (CVE-2016-7533, boo#1000707)\n\n - Fix out of bound access in corrupted pdb files\n (CVE-2016-7537, boo#1000711)\n\n - BMP Coder Out-Of-Bounds Write Vulnerability\n (CVE-2016-6823, boo#1001066)\n\n - SGI Coder Out-Of-Bounds Read Vulnerability\n (CVE-2016-7101, boo#1001221)\n\n - Divide by zero in WriteTIFFImage (do not divide by zero\n in WriteTIFFImage, boo#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (fix buffer overflow, boo#1002209)\n\n - 8BIM/8BIMW unsigned underflow leads to heap overflow\n (CVE-2016-7800, boo#1002422)\n\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997,\n boo#1003629)\n\n - Mismatch between real filesize and header values\n (CVE-2016-8684, boo#1005123)\n\n - Stack-buffer read overflow while reading SCT header\n (CVE-2016-8682, boo#1005125)\n\n - Check that filesize is reasonable compared to the head
Security update for ImageMagick (important)
