
Test ID: 1.3.6.1.4.1.25623.1.0.57275
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0633
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0633.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Tavis Ormandy discovered several integer and buffer overflow flaws in the
way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker
could execute arbitrary code on a victim's machine if they were able to
trick the victim into opening a specially crafted image file.
(CVE-2006-3743, CVE-2006-3744, CVE-2006-4144)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0633.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
5.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3743
BugTraq ID: 19697
http://www.securityfocus.com/bid/19697
Debian Security Information: DSA-1168
http://www.debian.org/security/2006/dsa-1168
http://security.gentoo.org/glsa/glsa-200609-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:155
http://bugs.gentoo.org/show_bug.cgi?id=144854
http://www.osvdb.org/28205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9895
http://www.redhat.com/support/errata/RHSA-2006-0633.html
http://securitytracker.com/id?1016749
http://secunia.com/advisories/21615
http://secunia.com/advisories/21621
http://secunia.com/advisories/21671
http://secunia.com/advisories/21679
http://secunia.com/advisories/21719
http://secunia.com/advisories/21780
http://secunia.com/advisories/21832
http://secunia.com/advisories/22036
http://secunia.com/advisories/22096
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
SuSE Security Announcement: SUSE-SA:2006:050
http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html
http://www.ubuntu.com/usn/usn-340-1
http://www.vupen.com/english/advisories/2006/3375
XForce ISS Database: imagemagick-propuserunit-bo(28575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28575
Common Vulnerability Exposure (CVE) ID: CVE-2006-3744
BugTraq ID: 19699
http://www.securityfocus.com/bid/19699
http://www.osvdb.org/28204
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486
XForce ISS Database: imagemagick-rasterfile-bo(28574)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28574
Common Vulnerability Exposure (CVE) ID: CVE-2006-4144
BugTraq ID: 19507
http://www.securityfocus.com/bid/19507
Bugtraq: 20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
http://www.securityfocus.com/archive/1/443208/100/0/threaded
Bugtraq: 20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
http://www.securityfocus.com/archive/1/443362/100/0/threaded
Debian Security Information: DSA-1213
http://www.debian.org/security/2006/dsa-1213
http://www.overflow.pl/adv/imsgiheap.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129
http://securitytracker.com/id?1016699
http://secunia.com/advisories/21462
http://secunia.com/advisories/21525
http://secunia.com/advisories/22998
http://securityreason.com/securityalert/1385
http://www.ubuntu.com/usn/usn-337-1
XForce ISS Database: imagemagick-readsgiimage-bo(28372)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28372
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com





© 1998-2021 E-Soft Inc. All rights reserved.