Описание
Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178)
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Server 11 SP3-LTSS
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Server 11 SP4
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Software Development Kit 11 SP4
ImageMagick-6.4.3.6-7.40.1
ImageMagick-devel-6.4.3.6-7.40.1
libMagick++-devel-6.4.3.6-7.40.1
libMagick++1-6.4.3.6-7.40.1
libMagickWand1-6.4.3.6-7.40.1
libMagickWand1-32bit-6.4.3.6-7.40.1
perl-PerlMagick-6.4.3.6-7.40.1
SUSE Manager 2.1
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Manager Proxy 2.1
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE OpenStack Cloud 5
libMagickCore1-6.4.3.6-7.40.1
libMagickCore1-32bit-6.4.3.6-7.40.1
Ссылки
- Link for SUSE-SU-2016:1610-1
- E-Mail link for SUSE-SU-2016:1610-1
- SUSE Security Ratings
- SUSE Bug 982178
- SUSE CVE CVE-2016-5118 page
Описание
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libMagickCore1-6.4.3.6-7.40.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libMagickCore1-32bit-6.4.3.6-7.40.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libMagickCore1-6.4.3.6-7.40.1
Ссылки
- CVE-2016-5118
- SUSE Bug 1000484
- SUSE Bug 982178