Test ID:	1.3.6.1.4.1.25623.1.0.56259
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0178
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0178. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A shell command injection flaw was found in ImageMagick's display command. It is possible to execute arbitrary commands by tricking a user into running display on a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-4601 to this issue. A format string flaw was discovered in the way ImageMagick handles filenames. It may be possible to execute arbitrary commands by tricking a user into running a carefully crafted ImageMagick command. (CVE-2006-0082) Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0178.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4601 BugTraq ID: 16093 http://www.securityfocus.com/bid/16093 Bugtraq: 20061127 rPSA-2006-0218-1 ImageMagick (Google Search) http://www.securityfocus.com/archive/1/452718/100/100/threaded Debian Security Information: DSA-957 (Google Search) http://www.debian.org/security/2006/dsa-957 http://www.mandriva.com/security/advisories?name=MDKSA-2006:024 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238 http://www.osvdb.org/22121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10353 RedHat Security Advisories: RHSA-2006:0178 http://rhn.redhat.com/errata/RHSA-2006-0178.html http://secunia.com/advisories/18261 http://secunia.com/advisories/18607 http://secunia.com/advisories/18631 http://secunia.com/advisories/18871 http://secunia.com/advisories/19183 http://secunia.com/advisories/19408 http://secunia.com/advisories/23090 http://secunia.com/advisories/28800 SGI Security Advisory: 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1 SuSE Security Announcement: SUSE-SR:2006:006 (Google Search) http://www.novell.com/linux/security/advisories/2006_06_sr.html http://www.ubuntu.com/usn/usn-246-1 http://www.vupen.com/english/advisories/2008/0412 XForce ISS Database: imagemagick-filename-command-injection(23927) https://exchange.xforce.ibmcloud.com/vulnerabilities/23927 Common Vulnerability Exposure (CVE) ID: CVE-2006-0082 BugTraq ID: 12717 http://www.securityfocus.com/bid/12717 Debian Security Information: DSA-1213 (Google Search) http://www.debian.org/security/2006/dsa-1213 http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10717 http://securitytracker.com/id?1015623 http://secunia.com/advisories/18851 http://secunia.com/advisories/19030 http://secunia.com/advisories/22998 http://securityreason.com/securityalert/500
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.