exploitDog

SUSE-SU-2016:1301-1

Published: May 13, 2016
Source: suse-cvrf

Description

Security update for ImageMagick

This update for ImageMagick fixes the following issues:

  • bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714)

Package list

SUSE Linux Enterprise Server 11 SP2-LTSS
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE Linux Enterprise Server 11 SP3-LTSS
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE Linux Enterprise Server 11 SP3-TERADATA
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE Linux Enterprise Server 11 SP4
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE Linux Enterprise Software Development Kit 11 SP4
  • ImageMagick-6.4.3.6-7.37.1
  • ImageMagick-devel-6.4.3.6-7.37.1
  • libMagick++-devel-6.4.3.6-7.37.1
  • libMagick++1-6.4.3.6-7.37.1
  • libMagickWand1-6.4.3.6-7.37.1
  • libMagickWand1-32bit-6.4.3.6-7.37.1
  • perl-PerlMagick-6.4.3.6-7.37.1

SUSE Manager 2.1
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE Manager Proxy 2.1
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

SUSE OpenStack Cloud 5
  • libMagickCore1-6.4.3.6-7.37.1
  • libMagickCore1-32bit-6.4.3.6-7.37.1

Description

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Affected products
SUSE Linux Enterprise Server 11 SP2-LTSS:libMagickCore1-32bit-6.4.3.6-7.37.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libMagickCore1-6.4.3.6-7.37.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libMagickCore1-32bit-6.4.3.6-7.37.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libMagickCore1-6.4.3.6-7.37.1

References
Vulnerability SUSE-SU-2016:1301-1