Test ID: 1.3.6.1.4.1.25623.1.0.851307
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1260-1)
Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the referenced advisory.
Description: Summary:
The remote host is missing an update for the 'ImageMagick'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for ImageMagick fixes the following issues:

Security issues fixed:

- Several coders were vulnerable to remote code execution attacks. These
coders have now been disabled by default but can be re-enabled by
editing '/etc/ImageMagick-*/policy.xml' (bsc#978061)

- CVE-2016-3714: Insufficient shell characters filtering leads to
(potentially remote) code execution

- CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral'
pseudo protocol which deletes files after reading.

- CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo
protocol with any extension in any folder.

- CVE-2016-3717: Possible local file read by using ImageMagick's 'label'
pseudo protocol to get content of the files from the server.

- CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP
GET or FTP requests.

Bugs fixed:

- Use external svg loader (rsvg)

Affected Software/OS:
ImageMagick on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-3714
BugTraq ID: 89848
http://www.securityfocus.com/bid/89848
Bugtraq: 20160513 May 2016 - HipChat Server - Critical Security Advisory
http://www.securityfocus.com/archive/1/538378/100/0/threaded
CERT/CC vulnerability note: VU#250519
https://www.kb.cert.org/vuls/id/250519
Debian Security Information: DSA-3580
http://www.debian.org/security/2016/dsa-3580
Debian Security Information: DSA-3746
http://www.debian.org/security/2016/dsa-3746
https://www.exploit-db.com/exploits/39767/
https://www.exploit-db.com/exploits/39791/
https://security.gentoo.org/glsa/201611-21
http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
https://imagetragick.com/
http://www.openwall.com/lists/oss-security/2016/05/03/13
http://www.openwall.com/lists/oss-security/2016/05/03/18
RedHat Security Advisories: RHSA-2016:0726
http://rhn.redhat.com/errata/RHSA-2016-0726.html
http://www.securitytracker.com/id/1035742
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
SuSE Security Announcement: SUSE-SU-2016:1260
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
SuSE Security Announcement: SUSE-SU-2016:1275
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
SuSE Security Announcement: SUSE-SU-2016:1301
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:1261
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
SuSE Security Announcement: openSUSE-SU-2016:1266
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
SuSE Security Announcement: openSUSE-SU-2016:1326
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
http://www.ubuntu.com/usn/USN-2990-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-3715
BugTraq ID: 89852
http://www.securityfocus.com/bid/89852
Common Vulnerability Exposure (CVE) ID: CVE-2016-3716
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-3717
Common Vulnerability Exposure (CVE) ID: CVE-2016-3718
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.