Test ID:	1.3.6.1.4.1.25623.1.1.4.2016.1301.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2016:1301-1)
Summary:	The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2016:1301-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2016:1301-1 advisory. Vulnerability Insight: This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the 'https' module in the 'delegates.xml' config file. (CVE-2016-3714) Affected Software/OS: 'ImageMagick' package(s) on SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3714 1035742 http://www.securitytracker.com/id/1035742 20160513 May 2016 - HipChat Server - Critical Security Advisory http://www.securityfocus.com/archive/1/538378/100/0/threaded 39767 https://www.exploit-db.com/exploits/39767/ 39791 https://www.exploit-db.com/exploits/39791/ 89848 http://www.securityfocus.com/bid/89848 DSA-3580 http://www.debian.org/security/2016/dsa-3580 DSA-3746 http://www.debian.org/security/2016/dsa-3746 GLSA-201611-21 https://security.gentoo.org/glsa/201611-21 RHSA-2016:0726 http://rhn.redhat.com/errata/RHSA-2016-0726.html SSA:2016-132-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 SUSE-SU-2016:1260 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html SUSE-SU-2016:1275 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html SUSE-SU-2016:1301 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html USN-2990-1 http://www.ubuntu.com/usn/USN-2990-1 VU#250519 https://www.kb.cert.org/vuls/id/250519 [oss-security] 20160503 ImageMagick Is On Fire -- CVE-2016-3714 http://www.openwall.com/lists/oss-security/2016/05/03/13 [oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714 http://www.openwall.com/lists/oss-security/2016/05/03/18 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate https://access.redhat.com/security/vulnerabilities/2296071 https://bugzilla.redhat.com/show_bug.cgi?id=1332492 https://imagetragick.com/ https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 https://www.imagemagick.org/script/changelog.php openSUSE-SU-2016:1261 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html openSUSE-SU-2016:1266 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html openSUSE-SU-2016:1326 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.