Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1276-1

Опубликовано: 11 мая 2016
Источник: suse-cvrf

Описание

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues:

  • Security update Remote Code Execution / Local File read [bsc#978061] CVE-2016-3714, CVE-2016-3715, CVE-2016-3717, CVE-2016-3718
  • CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution
  • CVE-2016-3715: Possible file deletion by using GraphicsMagick's 'tmp:' file specification syntax.
  • CVE-2016-3717: Possible local file read by using GraphicsMagick's 'txt:' file specification syntax.
  • CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request.

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-4.35.1
libGraphicsMagick2-1.2.5-4.35.1
perl-GraphicsMagick-1.2.5-4.35.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-4.35.1
libGraphicsMagick2-1.2.5-4.35.1

Ссылки

Описание

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.35.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.35.1
Ссылки

Описание

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.35.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.35.1
Ссылки

Описание

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.35.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.35.1
Ссылки

Описание

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.35.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.35.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.35.1
Ссылки