Test Kennung:	1.3.6.1.4.1.25623.1.0.851385
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:2073-1)
Zusammenfassung:	The remote host is missing an update for the 'GraphicsMagick'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'GraphicsMagick' package(s) announced via the referenced advisory. Vulnerability Insight: This update for GraphicsMagick fixes the following issues: - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752) - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop) (boo#983309) - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion (boo#983455) - CVE-2014-9846: Overflow in rle file (boo#983521) - CVE-2015-8894: Double free in TGA code (boo#983523) - CVE-2015-8896: Double free / integer truncation issue (boo#983533) - CVE-2014-9807: Double free in pdb coder (boo#983794) - CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799) - CVE-2014-9819: Heap overflow in palm files (boo#984142) - CVE-2014-9835: Heap overflow in wpf file (boo#984145) - CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375) - CVE-2014-9820: heap overflow in xpm files (boo#984150) - CVE-2014-9837: Additional PNM sanity checks (boo#984166) - CVE-2014-9815: Crash on corrupted wpg file (boo#984372) - CVE-2014-9839: Theoretical out of bound access in via color maps (boo#984379) - CVE-2014-9845: Crash due to corrupted dib file (boo#984394) - CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400) - CVE-2014-9853: Memory leak in rle file handling (boo#984408) - CVE-2014-9834: Heap overflow in pict file (boo#984436) - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (boo#985442) - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG files (boo#965853) Affected Software/OS: GraphicsMagick on openSUSE Leap 42.1 Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9805 http://www.openwall.com/lists/oss-security/2014/12/24/1 http://www.openwall.com/lists/oss-security/2016/06/02/13 Common Vulnerability Exposure (CVE) ID: CVE-2014-9807 Common Vulnerability Exposure (CVE) ID: CVE-2014-9809 Common Vulnerability Exposure (CVE) ID: CVE-2014-9815 Common Vulnerability Exposure (CVE) ID: CVE-2014-9817 Common Vulnerability Exposure (CVE) ID: CVE-2014-9819 Common Vulnerability Exposure (CVE) ID: CVE-2014-9820 Common Vulnerability Exposure (CVE) ID: CVE-2014-9831 Common Vulnerability Exposure (CVE) ID: CVE-2014-9834 Common Vulnerability Exposure (CVE) ID: CVE-2014-9835 Common Vulnerability Exposure (CVE) ID: CVE-2014-9837 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26682 Common Vulnerability Exposure (CVE) ID: CVE-2014-9839 Common Vulnerability Exposure (CVE) ID: CVE-2014-9845 SuSE Security Announcement: SUSE-SU-2016:1782 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html SuSE Security Announcement: SUSE-SU-2016:1783 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html SuSE Security Announcement: SUSE-SU-2016:1784 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:1724 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html SuSE Security Announcement: openSUSE-SU-2016:1748 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html SuSE Security Announcement: openSUSE-SU-2016:1833 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:2073 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html SuSE Security Announcement: openSUSE-SU-2016:3060 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html http://www.ubuntu.com/usn/USN-3131-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-9846 Common Vulnerability Exposure (CVE) ID: CVE-2014-9853 Common Vulnerability Exposure (CVE) ID: CVE-2015-8894 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362 Common Vulnerability Exposure (CVE) ID: CVE-2015-8896 BugTraq ID: 91027 http://www.securityfocus.com/bid/91027 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 RedHat Security Advisories: RHSA-2016:1237 https://access.redhat.com/errata/RHSA-2016:1237 Common Vulnerability Exposure (CVE) ID: CVE-2016-2317 BugTraq ID: 83241 http://www.securityfocus.com/bid/83241 Debian Security Information: DSA-3746 (Google Search) http://www.debian.org/security/2016/dsa-3746 http://www.openwall.com/lists/oss-security/2016/02/11/6 http://www.openwall.com/lists/oss-security/2016/05/20/4 http://www.openwall.com/lists/oss-security/2016/05/27/4 http://www.openwall.com/lists/oss-security/2016/05/31/3 http://www.openwall.com/lists/oss-security/2016/09/07/4 http://www.openwall.com/lists/oss-security/2016/09/18/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-2318 Common Vulnerability Exposure (CVE) ID: CVE-2016-5240 BugTraq ID: 89348 http://www.securityfocus.com/bid/89348 http://www.openwall.com/lists/oss-security/2016/05/01/4 http://www.openwall.com/lists/oss-security/2016/05/01/6 http://www.openwall.com/lists/oss-security/2016/06/02/14 Common Vulnerability Exposure (CVE) ID: CVE-2016-5241 https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5688 BugTraq ID: 91283 http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.