
SUSE: 2021:2834-1 Critical: LibXML2 Security Vulnerabilities

suse
May 11, 2016
Implement solutions to address various vulnerabilities in ImageMagick for SUSE, safeguarding system reliability and protection.
An update that fixes 5 vulnerabilities is now available

Summary

This update for ImageMagick fixes the following issues:

Security issues fixed:

- Several coders were vulnerable to remote code execution attacks; these coders have now been disabled. They can be re-enabled by exporting the following environment variable: MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061)
- CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution
- CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading.
- CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder.
- CVE-2016-3717: Possible local file read by using ImageMagick's 'label'
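A check for the re-enable switch described above, as an added example that is not part of the SUSE advisory: it lists processes whose environment sets MAGICK_CODER_MODULE_PATH to the vulnerable coder directory. The function names are hypothetical, and treating the variable as a colon-separated list (like PATH) is an assumption.

```shell
#!/bin/sh
# Added example, not SUSE code. Directory taken from the advisory text:
# exporting MAGICK_CODER_MODULE_PATH with this value re-enables the coders
# that the update disabled.
VULN_DIR="/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable"

# coder_path_is_risky VALUE
# Returns 0 if VALUE (assumed colon-separated, like PATH) contains the
# vulnerable coder directory, with or without a trailing slash.
coder_path_is_risky() {
    case ":$1:" in
        *":$VULN_DIR:"*|*":$VULN_DIR/:"*) return 0 ;;
    esac
    return 1
}

# environ_reenables_coders FILE
# FILE uses the /proc/<pid>/environ layout: NUL-separated KEY=VALUE pairs
# holding the environment the process was started with.
environ_reenables_coders() {
    value=$(tr '\000' '\n' < "$1" |
        sed -n 's/^MAGICK_CODER_MODULE_PATH=//p' | head -n 1)
    [ -n "$value" ] && coder_path_is_risky "$value"
}

# scan_processes [PROC_ROOT]
# Prints the PID of every process whose environment re-enables the coders.
# PROC_ROOT defaults to /proc; a different root can be passed for testing.
scan_processes() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/environ; do
        [ -r "$f" ] || continue
        if environ_reenables_coders "$f"; then
            pid=${f%/environ}
            echo "${pid##*/}"
        fi
    done
}
```

Run `scan_processes` as root so that every process's environ file is readable; any PID it prints belongs to a process that was started with the disabled coders switched back on.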

References

#978061

Cross-References: CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718

Affected Products:

SUSE OpenStack Cloud 5

SUSE Manager Proxy 2.1

SUSE Manager 2.1

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Server 11-SP2-LTSS

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP2

https://www.suse.com/security/cve/CVE-2016-3714.html

https://www.suse.com/security/cve/CVE-2016-3715.html

https://www.suse.com/security/cve/CVE-2016-3716.html

https://www.suse.com/security/cve/CVE-2016-3717.html

https://www.suse.com/security/cve/CVE-2016-3718.html

https://bugzilla.suse.com/978061

Severity
important

Announcement ID: SUSE-SU-2016:1275-1
Rating: important
