Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for ImageMagick (Important) |
Description: |
This update for ImageMagick fixes the following issues:
Security issues fixed:
- Several coders were vulnerable to remote code execution attacks; these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-*/policy.xml' (bsc#978061)
- CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution
- CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading.
- CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder.
- CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server.
- CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request.
Bugs fixed:
- Use external svg loader (rsvg)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): |
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND libXxf86dga1-1.1.4-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libnetpbm-devel-10.80.1-lp151.4.3 is installed
OR libnetpbm11-10.80.1-lp151.4.3 is installed
OR libnetpbm11-32bit-10.80.1-lp151.4.3 is installed
OR netpbm-10.80.1-lp151.4.3 is installed
OR netpbm-vulnerable-10.80.1-lp151.4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND openvpn-2.0.9-143.33.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
flash-player-11.2.202.535-0.20 is installed
OR flash-player-gnome-11.2.202.535-0.20 is installed
OR flash-player-kde4-11.2.202.535-0.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
ImageMagick-6.8.8.1-19 is installed
OR libMagick++-6_Q16-3-6.8.8.1-19 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-19 is installed
OR libMagickCore-6_Q16-1-32bit-6.8.8.1-19 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-19 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
krb5-1.12.1-36 is installed
OR krb5-32bit-1.12.1-36 is installed
OR krb5-client-1.12.1-36 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
MozillaFirefox-68.1.0-109.89 is installed
OR MozillaFirefox-branding-SLE-68-32.8 is installed
OR MozillaFirefox-translations-common-68.1.0-109.89 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
kernel-default-3.12.49-11 is installed
OR kernel-default-base-3.12.49-11 is installed
OR kernel-default-devel-3.12.49-11 is installed
OR kernel-default-man-3.12.49-11 is installed
OR kernel-devel-3.12.49-11 is installed
OR kernel-macros-3.12.49-11 is installed
OR kernel-source-3.12.49-11 is installed
OR kernel-syms-3.12.49-11 is installed
OR kernel-xen-3.12.49-11 is installed
OR kernel-xen-base-3.12.49-11 is installed
OR kernel-xen-devel-3.12.49-11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_67-60_64_18-default-12-2 is installed
OR kgraft-patch-3_12_67-60_64_18-xen-12-2 is installed
OR kgraft-patch-SLE12-SP1_Update_9-12-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
e2fsprogs-1.42.11-7 is installed
OR libcom_err2-1.42.11-7 is installed
OR libcom_err2-32bit-1.42.11-7 is installed
OR libext2fs2-1.42.11-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
ntp-4.2.8p11-64.5 is installed
OR ntp-doc-4.2.8p11-64.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
libopenssl-devel-1.0.2j-60.52 is installed
OR libopenssl1_0_0-1.0.2j-60.52 is installed
OR libopenssl1_0_0-32bit-1.0.2j-60.52 is installed
OR libopenssl1_0_0-hmac-1.0.2j-60.52 is installed
OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.52 is installed
OR openssl-1.0.2j-60.52 is installed
OR openssl-doc-1.0.2j-60.52 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
openssh-7.2p2-74.25 is installed
OR openssh-askpass-gnome-7.2p2-74.25 is installed
OR openssh-fips-7.2p2-74.25 is installed
OR openssh-helpers-7.2p2-74.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND python-pyOpenSSL-16.0.0-2.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
strongswan-5.1.3-26.13 is installed
OR strongswan-doc-5.1.3-26.13 is installed
OR strongswan-hmac-5.1.3-26.13 is installed
OR strongswan-ipsec-5.1.3-26.13 is installed
OR strongswan-libs0-5.1.3-26.13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libsqlite3-0-3.8.10.2-9.15 is installed
OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed
OR sqlite3-3.8.10.2-9.15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_180-94_103-default-7-2 is installed
OR kgraft-patch-SLE12-SP3_Update_28-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND squid-3.5.21-26.17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
libICE6-1.0.8-12 is installed
OR libICE6-32bit-1.0.8-12 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
apache2-2.4.16-20.10 is installed
OR apache2-doc-2.4.16-20.10 is installed
OR apache2-example-pages-2.4.16-20.10 is installed
OR apache2-prefork-2.4.16-20.10 is installed
OR apache2-utils-2.4.16-20.10 is installed
OR apache2-worker-2.4.16-20.10 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
gpg2-2.0.24-9.3 is installed
OR gpg2-lang-2.0.24-9.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
nfs-client-1.3.0-34.22 is installed
OR nfs-doc-1.3.0-34.22 is installed
OR nfs-kernel-server-1.3.0-34.22 is installed
OR nfs-utils-1.3.0-34.22 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
LibVNCServer-0.9.9-17.19 is installed
OR libvncclient0-0.9.9-17.19 is installed
OR libvncserver0-0.9.9-17.19 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-Twisted-15.2.1-9.5 is installed
|