
SUSE: 2016:1260-1 Important: ImageMagick Remote Code Execution Threat

May 7, 2016
Critical Security Patch for ImageMagick on SUSE to address several vulnerabilities impacting different SUSE applications.
An update that fixes 5 vulnerabilities is now available

Summary

This update for ImageMagick fixes the following issues:

Security issues fixed:

- Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" (bsc#978061)
- CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution
- CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading.
- CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder.
- CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server.
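To confirm after patching that nobody has re-enabled the risky coders in policy.xml, the following check can be run on a host. It is an added example, not part of the SUSE advisory or the ImageMagick project. The watched coder names are an assumption derived from the pseudo protocols named above (the advisory does not list which coders it disables), and the script assumes that any matching coder entry with rights="none" denies that coder.

```python
import fnmatch
import glob
import xml.etree.ElementTree as ET

# Coder names taken from the pseudo protocols named in the advisory text;
# the advisory does not list which coders the update disables (assumption).
WATCHED_CODERS = ("EPHEMERAL", "MSL", "LABEL")

# Constructed sample policy, not taken from a SUSE package.
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="resource" name="memory" value="256MiB" />
</policymap>"""


def enabled_coders(policy_xml, coders=WATCHED_CODERS):
    """Return the watched coders that no rights="none" coder policy covers.

    Assumption: any matching coder entry with rights="none" denies the coder.
    Accepts str or bytes so files can be parsed with their own encoding.
    """
    root = ET.fromstring(policy_xml)
    denied_patterns = [
        p.get("pattern", "")
        for p in root.iter("policy")
        if p.get("domain", "").lower() == "coder"
        and p.get("rights", "").strip().lower() == "none"
    ]
    # Policy patterns are globs, so "*" or "M*" also cover a watched coder.
    return [
        c for c in coders
        if not any(fnmatch.fnmatchcase(c, pat) for pat in denied_patterns)
    ]


def audit_installed(pattern="/etc/ImageMagick-*/policy.xml"):
    """Audit every policy.xml found at the path the advisory names."""
    results = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, "rb") as fh:
            results[path] = enabled_coders(fh.read())
    return results


if __name__ == "__main__":
    print("sample:", enabled_coders(SAMPLE_POLICY))
    for path, coders in audit_installed().items():
        print(path, "still enabled:", coders or "none of the watched coders")
```
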

References

#978061

Cross-References: CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP1

SUSE Linux Enterprise Workstation Extension 12

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Desktop 12-SP1

SUSE Linux Enterprise Desktop 12

https://www.suse.com/security/cve/CVE-2016-3714.html

https://www.suse.com/security/cve/CVE-2016-3715.html

https://www.suse.com/security/cve/CVE-2016-3716.html

https://www.suse.com/security/cve/CVE-2016-3717.html

https://www.suse.com/security/cve/CVE-2016-3718.html

https://bugzilla.suse.com/978061

Severity
important

Announcement ID: SUSE-SU-2016:1260-1
Rating: important
