Test Kennung:	1.3.6.1.4.1.25623.1.0.831673
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)
Zusammenfassung:	The remote host is missing an update for the 'imagemagick'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'imagemagick' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in imagemagick: Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory (CVE-2010-4167). A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247). A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop (CVE-2012-0248). The updated packages have been patched to correct these issues. Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: imagemagick on Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1 Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4167 BugTraq ID: 45044 http://www.securityfocus.com/bid/45044 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052515.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052599.html http://www.openwall.com/lists/oss-security/2010/11/13/1 http://www.openwall.com/lists/oss-security/2010/11/15/3 RedHat Security Advisories: RHSA-2012:0544 http://rhn.redhat.com/errata/RHSA-2012-0544.html http://secunia.com/advisories/42497 http://secunia.com/advisories/42744 http://secunia.com/advisories/48100 http://secunia.com/advisories/49063 http://www.ubuntu.com/usn/USN-1028-1 http://www.vupen.com/english/advisories/2010/3150 http://www.vupen.com/english/advisories/2010/3322 Common Vulnerability Exposure (CVE) ID: CVE-2012-0247 Debian Security Information: DSA-2427 (Google Search) http://www.debian.org/security/2012/dsa-2427 http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.osvdb.org/79003 RedHat Security Advisories: RHSA-2012:0545 http://rhn.redhat.com/errata/RHSA-2012-0545.html http://www.securitytracker.com/id?1027032 http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-0248 BugTraq ID: 51957 http://www.securityfocus.com/bid/51957 Common Vulnerability Exposure (CVE) ID: CVE-2012-1185 Debian Security Information: DSA-2462 (Google Search) http://www.debian.org/security/2012/dsa-2462 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 http://www.openwall.com/lists/oss-security/2012/03/19/5 http://www.osvdb.org/80556 http://secunia.com/advisories/48974 http://secunia.com/advisories/49317 SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html XForce ISS Database: imagemagick-profile-code-execution(76140) https://exchange.xforce.ibmcloud.com/vulnerabilities/76140 Common Vulnerability Exposure (CVE) ID: CVE-2012-0259 BugTraq ID: 52898 http://www.securityfocus.com/bid/52898 http://www.cert.fi/en/reports/2012/vulnerability635606.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 http://www.osvdb.org/81021 http://secunia.com/advisories/48679 http://secunia.com/advisories/55035 XForce ISS Database: imagemagick-jpegexif-dos(74657) https://exchange.xforce.ibmcloud.com/vulnerabilities/74657 Common Vulnerability Exposure (CVE) ID: CVE-2012-0260 http://www.osvdb.org/81022 http://secunia.com/advisories/57224 http://www.ubuntu.com/usn/USN-2132-1 XForce ISS Database: imagemagick-jpegwarninghandler-dos(74658) https://exchange.xforce.ibmcloud.com/vulnerabilities/74658 Common Vulnerability Exposure (CVE) ID: CVE-2012-1798 http://www.osvdb.org/81023 XForce ISS Database: imagemagick-tiffexififd-dos(74659) https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
Copyright	Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.