SUSE-SU-2016:1301-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20161301-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:1301-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:1301-1
Related
Published
2016-05-13T14:27:21Z
Modified
2016-05-13T14:27:21Z
Summary
Security update for ImageMagick
Details

This update for ImageMagick fixes the following issues:

  • bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714)
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "perl-PerlMagick": "6.4.3.6-7.37.1",
            "ImageMagick-devel": "6.4.3.6-7.37.1",
            "ImageMagick": "6.4.3.6-7.37.1",
            "libMagickWand1": "6.4.3.6-7.37.1",
            "libMagick++1": "6.4.3.6-7.37.1",
            "libMagickWand1-32bit": "6.4.3.6-7.37.1",
            "libMagick++-devel": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:OpenStack Cloud 5 / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20OpenStack%20Cloud%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Manager 2.1 / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Manager%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Manager Proxy 2.1 / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Manager%20Proxy%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / ImageMagick

Package

Name
ImageMagick
Purl
purl:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.3.6-7.37.1

Ecosystem specific

{
    "binaries": [
        {
            "libMagickCore1": "6.4.3.6-7.37.1",
            "libMagickCore1-32bit": "6.4.3.6-7.37.1"
        }
    ]
}