Security update for GraphicsMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1326-1 Final 1 1 2016-05-18T09:07:55Z current 2016-05-18T09:07:55Z 2016-05-18T09:07:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for GraphicsMagick This update for GraphicsMagick fixes the following issues: Security issues fixed: - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061] (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html E-Mail link for openSUSE-SU-2016:1326-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 GraphicsMagick-1.3.21-5.1 GraphicsMagick-devel-1.3.21-5.1 libGraphicsMagick++-Q16-11-1.3.21-5.1 libGraphicsMagick++-devel-1.3.21-5.1 libGraphicsMagick-Q16-3-1.3.21-5.1 libGraphicsMagick3-config-1.3.21-5.1 libGraphicsMagickWand-Q16-2-1.3.21-5.1 perl-GraphicsMagick-1.3.21-5.1 GraphicsMagick-1.3.21-5.1 as a component of openSUSE Leap 42.1 GraphicsMagick-devel-1.3.21-5.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-Q16-11-1.3.21-5.1 as a component of openSUSE Leap 42.1 libGraphicsMagick++-devel-1.3.21-5.1 as a component of openSUSE Leap 42.1 libGraphicsMagick-Q16-3-1.3.21-5.1 as a component of openSUSE Leap 42.1 libGraphicsMagick3-config-1.3.21-5.1 as a component of openSUSE Leap 42.1 libGraphicsMagickWand-Q16-2-1.3.21-5.1 as a component of openSUSE Leap 42.1 perl-GraphicsMagick-1.3.21-5.1 as a component of openSUSE Leap 42.1 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." CVE-2016-3714 openSUSE Leap 42.1:GraphicsMagick-1.3.21-5.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-5.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html https://www.suse.com/security/cve/CVE-2016-3714.html CVE-2016-3714 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 https://bugzilla.suse.com/982178 SUSE Bug 982178 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 openSUSE Leap 42.1:GraphicsMagick-1.3.21-5.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-5.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html https://www.suse.com/security/cve/CVE-2016-3715.html CVE-2016-3715 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 openSUSE Leap 42.1:GraphicsMagick-1.3.21-5.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-5.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-5.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html https://www.suse.com/security/cve/CVE-2016-3717.html CVE-2016-3717 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. CVE-2016-3718 openSUSE Leap 42.1:GraphicsMagick-1.3.21-5.1 openSUSE Leap 42.1:GraphicsMagick-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-Q16-11-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick++-devel-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick-Q16-3-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagick3-config-1.3.21-5.1 openSUSE Leap 42.1:libGraphicsMagickWand-Q16-2-1.3.21-5.1 openSUSE Leap 42.1:perl-GraphicsMagick-1.3.21-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html https://www.suse.com/security/cve/CVE-2016-3718.html CVE-2016-3718 https://bugzilla.suse.com/1057163 SUSE Bug 1057163 https://bugzilla.suse.com/1105592 SUSE Bug 1105592 https://bugzilla.suse.com/978061 SUSE Bug 978061