
Test ID: 1.3.6.1.4.1.25623.1.0.60965
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:099 (ImageMagick)
Summary: NOSUMMARY
Description:

The remote host is missing an update to ImageMagick
announced via advisory MDVSA-2008:099.

A heap-based buffer overflow vulnerability was found in how ImageMagick
parsed XCF files. If ImageMagick opened a specially-crafted XCF
file, it could be made to overwrite heap memory beyond the bounds
of its allocated memory, potentially allowing an attacker to execute
arbitrary code on the system running ImageMagick (CVE-2008-1096).

Another heap-based buffer overflow vulnerability was found in how
ImageMagick processed certain malformed PCX images. If ImageMagick
opened a specially-crafted PCX image file, an attacker could
possibly execute arbitrary code on the system running ImageMagick
(CVE-2008-1097).

The updated packages have been patched to correct these issues.

Affected: 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:099

Risk factor : High

CVSS Score: 6.8

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-1096
BugTraq ID: 28821
http://www.securityfocus.com/bid/28821
Debian Security Information: DSA-1858
http://www.debian.org/security/2009/dsa-1858
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
https://bugzilla.redhat.com/show_bug.cgi?id=286411
http://osvdb.org/43212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.securitytracker.com/id?1019880
http://secunia.com/advisories/29786
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
http://secunia.com/advisories/36260
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/USN-681-1
XForce ISS Database: imagemagick-loadtile-code-execution(41194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
Common Vulnerability Exposure (CVE) ID: CVE-2008-1097
BugTraq ID: 28822
http://www.securityfocus.com/bid/28822
http://security.gentoo.org/glsa/glsa-201311-10.xml
https://bugzilla.redhat.com/show_bug.cgi?id=285861
http://osvdb.org/43213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
http://www.redhat.com/support/errata/RHSA-2008-0165.html
http://www.securitytracker.com/id?1019881
http://secunia.com/advisories/29857
http://secunia.com/advisories/55721
XForce ISS Database: imagemagick-readpcximage-bo(41193)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
