Test ID:	1.3.6.1.4.1.25623.1.0.71668
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1435-1 (imagemagick)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to imagemagick announced via advisory USN-1435-1. Details: Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185) Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0248, CVE-2012-1186) Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259) It was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610) Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: imagemagick 8:6.6.0.4-3ubuntu1.1 libmagick++3 8:6.6.0.4-3ubuntu1.1 Ubuntu 11.04: imagemagick 7:6.6.2.6-1ubuntu4.1 libmagick++3 7:6.6.2.6-1ubuntu4.1 Ubuntu 10.04 LTS: imagemagick 7:6.5.7.8-1ubuntu1.2 libmagick++2 7:6.5.7.8-1ubuntu1.2 http://www.securityspace.com/smysecure/catid.html?in=USN-1435-1 CVSS Score: 9.3 CVSS Vector: AV:L/AC:H/Au:NR/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0247 Debian Security Information: DSA-2427 (Google Search) http://www.debian.org/security/2012/dsa-2427 http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.osvdb.org/79003 RedHat Security Advisories: RHSA-2012:0544 http://rhn.redhat.com/errata/RHSA-2012-0544.html RedHat Security Advisories: RHSA-2012:0545 http://rhn.redhat.com/errata/RHSA-2012-0545.html http://www.securitytracker.com/id?1027032 http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1185 BugTraq ID: 51957 http://www.securityfocus.com/bid/51957 Debian Security Information: DSA-2462 (Google Search) http://www.debian.org/security/2012/dsa-2462 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 http://www.openwall.com/lists/oss-security/2012/03/19/5 http://www.osvdb.org/80556 http://secunia.com/advisories/48974 http://secunia.com/advisories/49317 SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html XForce ISS Database: imagemagick-profile-code-execution(76140) https://exchange.xforce.ibmcloud.com/vulnerabilities/76140 Common Vulnerability Exposure (CVE) ID: CVE-2012-0248 Common Vulnerability Exposure (CVE) ID: CVE-2012-1186 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 http://www.osvdb.org/80555 XForce ISS Database: imagemagick-syncimageprofiles-dos(76139) https://exchange.xforce.ibmcloud.com/vulnerabilities/76139 Common Vulnerability Exposure (CVE) ID: CVE-2012-0259 BugTraq ID: 52898 http://www.securityfocus.com/bid/52898 http://www.cert.fi/en/reports/2012/vulnerability635606.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 http://www.osvdb.org/81021 http://secunia.com/advisories/48679 http://secunia.com/advisories/55035 XForce ISS Database: imagemagick-jpegexif-dos(74657) https://exchange.xforce.ibmcloud.com/vulnerabilities/74657 Common Vulnerability Exposure (CVE) ID: CVE-2012-1610 http://www.openwall.com/lists/oss-security/2012/04/04/6 http://www.osvdb.org/81024 XForce ISS Database: imagemagick-getexifproperty-dos(74660) https://exchange.xforce.ibmcloud.com/vulnerabilities/74660 Common Vulnerability Exposure (CVE) ID: CVE-2012-1798 http://www.osvdb.org/81023 XForce ISS Database: imagemagick-tiffexififd-dos(74659) https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.