Lucene search

SuseSUSE-SU-2016:1260-1

HistoryMay 07, 2016 - 1:08 p.m.

Security update for ImageMagick (important)

2016-05-0713:08:32

lists.opensuse.org

EPSS

0.974

Percentile

99.9%

JSON

This update for ImageMagick fixes the following issues:

Security issues fixed:

Several coders were vulnerable to remote code execution attacks, these
coders have now been disabled by default but can be re-enabled by
editing "/etc/ImageMagick-*/policy.xml" (bsc#978061)
CVE-2016-3714: Insufficient shell characters filtering leads to
(potentially remote) code execution
CVE-2016-3715: Possible file deletion by using ImageMagick’s ‘ephemeral’
pseudo protocol which deletes files after reading.
CVE-2016-3716: Possible file moving by using ImageMagick’s ‘msl’ pseudo
protocol with any extension in any folder.
CVE-2016-3717: Possible local file read by using ImageMagick’s ‘label’
pseudo protocol to get content of the files from the server.
CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP
GET or FTP request.

Bugs fixed:

Use external svg loader (rsvg)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Workstation Extension12x86_64libmagick++-6_q16-3-debuginfo< 6.8.8.1-19.1libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1.x86_64.rpm
SUSE Linux Enterprise Server12s390xlibmagickcore-6_q16-1-debuginfo< 6.8.8.1-19.1libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit12.1ppc64lelibmagick++-6_q16-3-debuginfo< 6.8.8.1-19.1libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Workstation Extension12.1x86_64libmagickcore-6_q16-1-32bit< 6.8.8.1-19.1libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit12ppc64leimagemagick-devel< 6.8.8.1-19.1ImageMagick-devel-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Server12s390xlibmagickcore-6_q16-1< 6.8.8.1-19.1libMagickCore-6_Q16-1-6.8.8.1-19.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit12ppc64leimagemagick< 6.8.8.1-19.1ImageMagick-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Server12ppc64leimagemagick-debugsource< 6.8.8.1-19.1ImageMagick-debugsource-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.1x86_64perl-perlmagick< 6.8.8.1-19.1perl-PerlMagick-6.8.8.1-19.1.x86_64.rpm
SUSE Linux Enterprise Desktop12x86_64libmagick++-6_q16-3-debuginfo< 6.8.8.1-19.1libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Workstation Extension	12	x86_64	libmagick++-6_q16-3-debuginfo	< 6.8.8.1-19.1	libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1.x86_64.rpm
SUSE Linux Enterprise Server	12	s390x	libmagickcore-6_q16-1-debuginfo	< 6.8.8.1-19.1	libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit	12.1	ppc64le	libmagick++-6_q16-3-debuginfo	< 6.8.8.1-19.1	libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Workstation Extension	12.1	x86_64	libmagickcore-6_q16-1-32bit	< 6.8.8.1-19.1	libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	12	ppc64le	imagemagick-devel	< 6.8.8.1-19.1	ImageMagick-devel-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Server	12	s390x	libmagickcore-6_q16-1	< 6.8.8.1-19.1	libMagickCore-6_Q16-1-6.8.8.1-19.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit	12	ppc64le	imagemagick	< 6.8.8.1-19.1	ImageMagick-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Server	12	ppc64le	imagemagick-debugsource	< 6.8.8.1-19.1	ImageMagick-debugsource-6.8.8.1-19.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit	12.1	x86_64	perl-perlmagick	< 6.8.8.1-19.1	perl-PerlMagick-6.8.8.1-19.1.x86_64.rpm
SUSE Linux Enterprise Desktop	12	x86_64	libmagick++-6_q16-3-debuginfo	< 6.8.8.1-19.1	libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1.x86_64.rpm

Rows per page:

1-10 of 1261

References

bugzilla.suse.com/978061