This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for ImageMagick fixes the following issues :
Security issues fixed :
- Several coders were vulnerable to remote code execution
attacks; these coders have now been disabled by default
but can be re-enabled by editing
- CVE-2016-3714: Insufficient filtering of shell characters
leads to (potentially remote) code execution
- CVE-2016-3715: Possible file deletion by using
ImageMagick's 'ephemeral' pseudo protocol which deletes
files after reading.
- CVE-2016-3716: Possible file moving by using
ImageMagick's 'msl' pseudo protocol with any extension
in any folder.
- CVE-2016-3717: Possible local file read by using
ImageMagick's 'label' pseudo protocol to get content of
the files from the server.
- CVE-2016-3718: Possible Server Side Request Forgery
(SSRF) to make HTTP GET or FTP requests.
Bugs fixed :
- Use external svg loader (rsvg)
This update was imported from the SUSE:SLE-12:Update update project.
See also :
Update the affected ImageMagick packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true