Security update for ImageMagick SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1653-1 Final 1 1 2016-06-22T10:06:59Z current 2016-06-22T10:06:59Z 2016-06-22T10:06:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ImageMagick This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) This non-security issue was fixed: - Fix encoding of /Title in generated PDFs. (bsc#867943) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html E-Mail link for openSUSE-SU-2016:1653-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 ImageMagick-6.8.8.1-12.1 ImageMagick-devel-6.8.8.1-12.1 ImageMagick-devel-32bit-6.8.8.1-12.1 ImageMagick-doc-6.8.8.1-12.1 ImageMagick-extra-6.8.8.1-12.1 libMagick++-6_Q16-3-6.8.8.1-12.1 libMagick++-6_Q16-3-32bit-6.8.8.1-12.1 libMagick++-devel-6.8.8.1-12.1 libMagick++-devel-32bit-6.8.8.1-12.1 libMagickCore-6_Q16-1-6.8.8.1-12.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-12.1 libMagickWand-6_Q16-1-6.8.8.1-12.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-12.1 perl-PerlMagick-6.8.8.1-12.1 ImageMagick-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 ImageMagick-devel-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 ImageMagick-devel-32bit-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 ImageMagick-doc-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 ImageMagick-extra-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagick++-6_Q16-3-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagick++-6_Q16-3-32bit-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagick++-devel-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagick++-devel-32bit-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagickCore-6_Q16-1-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagickWand-6_Q16-1-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 libMagickWand-6_Q16-1-32bit-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 perl-PerlMagick-6.8.8.1-12.1 as a component of openSUSE Leap 42.1 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. CVE-2016-5118 openSUSE Leap 42.1:ImageMagick-6.8.8.1-12.1 openSUSE Leap 42.1:ImageMagick-devel-32bit-6.8.8.1-12.1 openSUSE Leap 42.1:ImageMagick-devel-6.8.8.1-12.1 openSUSE Leap 42.1:ImageMagick-doc-6.8.8.1-12.1 openSUSE Leap 42.1:ImageMagick-extra-6.8.8.1-12.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-32bit-6.8.8.1-12.1 openSUSE Leap 42.1:libMagick++-6_Q16-3-6.8.8.1-12.1 openSUSE Leap 42.1:libMagick++-devel-32bit-6.8.8.1-12.1 openSUSE Leap 42.1:libMagick++-devel-6.8.8.1-12.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-32bit-6.8.8.1-12.1 openSUSE Leap 42.1:libMagickCore-6_Q16-1-6.8.8.1-12.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-32bit-6.8.8.1-12.1 openSUSE Leap 42.1:libMagickWand-6_Q16-1-6.8.8.1-12.1 openSUSE Leap 42.1:perl-PerlMagick-6.8.8.1-12.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html https://www.suse.com/security/cve/CVE-2016-5118.html CVE-2016-5118 https://bugzilla.suse.com/982178 SUSE Bug 982178