
Test ID: 1.3.6.1.4.1.25623.1.0.60739
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0145
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0145.

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF
and DCM files. Attempting to process a specially-crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

An integer overflow flaw was found in ImageMagick's DIB parsing code. If a
victim opened a specially-crafted DIB file, an attacker could potentially
execute arbitrary code with the privileges of the user running ImageMagick.
(CVE-2007-4988)

A heap-based buffer overflow flaw was found in the way ImageMagick parsed
XCF files. If a specially-crafted XCF image was opened, ImageMagick could
be made to overwrite heap memory beyond the bounds of its allocated memory.
This could, potentially, allow an attacker to execute arbitrary code on the
machine running ImageMagick. (CVE-2008-1096)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code on the victim's
machine. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0145.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-1797
BugTraq ID: 23252
http://www.securityfocus.com/bid/23252
BugTraq ID: 23347
http://www.securityfocus.com/bid/23347
Debian Security Information: DSA-1858
http://www.debian.org/security/2009/dsa-1858
http://security.gentoo.org/glsa/glsa-200705-13.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496
http://www.mandriva.com/security/advisories?name=MDKSA-2007:147
http://www.imagemagick.org/script/changelog.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securitytracker.com/id?1017839
http://secunia.com/advisories/24721
http://secunia.com/advisories/24739
http://secunia.com/advisories/25072
http://secunia.com/advisories/25206
http://secunia.com/advisories/25992
http://secunia.com/advisories/26177
http://secunia.com/advisories/29786
http://secunia.com/advisories/29857
http://secunia.com/advisories/36260
SuSE Security Announcement: SUSE-SR:2007:008
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.ubuntu.com/usn/usn-481-1
http://www.vupen.com/english/advisories/2007/1200
XForce ISS Database: imagemagick-readdcmimage-bo(33376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33376
XForce ISS Database: imagemagick-readxwdimage-bo(33377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4985
BugTraq ID: 25764
http://www.securityfocus.com/bid/25764
Bugtraq: 20071112 FLEA-2007-0066-1 ImageMagick
http://www.securityfocus.com/archive/1/483572/100/0/threaded
http://security.gentoo.org/glsa/glsa-200710-27.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035
http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10869
http://www.securitytracker.com/id?1018729
http://secunia.com/advisories/26926
http://secunia.com/advisories/27048
http://secunia.com/advisories/27309
http://secunia.com/advisories/27364
http://secunia.com/advisories/27439
http://secunia.com/advisories/28721
SuSE Security Announcement: SUSE-SR:2007:023
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-523-1
http://www.vupen.com/english/advisories/2007/3245
XForce ISS Database: imagemagick-readdcmimage-readxcfimage-dos(36740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36740
Common Vulnerability Exposure (CVE) ID: CVE-2007-4986
BugTraq ID: 25763
http://www.securityfocus.com/bid/25763
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9963
http://secunia.com/advisories/35316
XForce ISS Database: imagemagick-multiplefunctions-bo(36738)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36738
Common Vulnerability Exposure (CVE) ID: CVE-2007-4988
BugTraq ID: 25765
http://www.securityfocus.com/bid/25765
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9656
XForce ISS Database: imagemagick-readdibimage-bo(36737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36737
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://osvdb.org/43212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://security.gentoo.org/glsa/glsa-201311-10.xml
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://osvdb.org/43213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/55721
XForce ISS Database: imagemagick-readpcximage-bo(41193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.