Test ID:	1.3.6.1.4.1.25623.1.0.57336
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1168-1)
Summary:	The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DSA-1168-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DSA-1168-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2440 Eero Hakkinen discovered that the display tool allocates insufficient memory for globbing patterns, which might lead to a buffer overflow. CVE-2006-3743 Tavis Ormandy from the Google Security Team discovered that the Sun bitmap decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code. CVE-2006-3744 Tavis Ormandy from the Google Security Team discovered that the XCF image decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code. For the stable distribution (sarge) these problems have been fixed in version 6:6.0.6.2-2.7. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your imagemagick packages. Affected Software/OS: 'imagemagick' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2440 Debian Security Information: DSA-1168 (Google Search) http://www.debian.org/security/2006/dsa-1168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481 http://www.redhat.com/support/errata/RHSA-2007-0015.html http://secunia.com/advisories/21719 http://secunia.com/advisories/24186 http://secunia.com/advisories/24284 SGI Security Advisory: 20070201-01-P ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc Common Vulnerability Exposure (CVE) ID: CVE-2006-3743 1016749 http://securitytracker.com/id?1016749 19697 http://www.securityfocus.com/bid/19697 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc 21615 http://secunia.com/advisories/21615 21621 http://secunia.com/advisories/21621 21671 http://secunia.com/advisories/21671 21679 http://secunia.com/advisories/21679 21719 21780 http://secunia.com/advisories/21780 21832 http://secunia.com/advisories/21832 22036 http://secunia.com/advisories/22036 22096 http://secunia.com/advisories/22096 28205 http://www.osvdb.org/28205 ADV-2006-3375 http://www.vupen.com/english/advisories/2006/3375 DSA-1168 GLSA-200609-14 http://security.gentoo.org/glsa/glsa-200609-14.xml MDKSA-2006:155 http://www.mandriva.com/security/advisories?name=MDKSA-2006:155 RHSA-2006:0633 http://www.redhat.com/support/errata/RHSA-2006-0633.html SUSE-SA:2006:050 http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html USN-340-1 http://www.ubuntu.com/usn/usn-340-1 http://bugs.gentoo.org/show_bug.cgi?id=144854 https://issues.rpath.com/browse/RPL-605 imagemagick-propuserunit-bo(28575) https://exchange.xforce.ibmcloud.com/vulnerabilities/28575 oval:org.mitre.oval:def:9895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9895 Common Vulnerability Exposure (CVE) ID: CVE-2006-3744 19699 http://www.securityfocus.com/bid/19699 28204 http://www.osvdb.org/28204 imagemagick-rasterfile-bo(28574) https://exchange.xforce.ibmcloud.com/vulnerabilities/28574 oval:org.mitre.oval:def:11486 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.