Description: | Description: The remote host is missing an update to imagemagick announced via advisory USN-1435-1.
Details:
Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185)
Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0248, CVE-2012-1186)
Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259)
It was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610)
Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798)
Solution: The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: imagemagick 8:6.6.0.4-3ubuntu1.1 libmagick++3 8:6.6.0.4-3ubuntu1.1
Ubuntu 11.04: imagemagick 7:6.6.2.6-1ubuntu4.1 libmagick++3 7:6.6.2.6-1ubuntu4.1
Ubuntu 10.04 LTS: imagemagick 7:6.5.7.8-1ubuntu1.2 libmagick++2 7:6.5.7.8-1ubuntu1.2
http://www.securityspace.com/smysecure/catid.html?in=USN-1435-1
CVSS Score: 9.3
CVSS Vector: AV:L/AC:H/Au:NR/C:C/I:C/A:C
|