Test ID:	1.3.6.1.4.1.25623.1.0.840996
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1435-1)
Summary:	The remote host is missing an update for the 'imagemagick' package(s) announced via the USN-1435-1 advisory.
Description:	Summary: The remote host is missing an update for the 'imagemagick' package(s) announced via the USN-1435-1 advisory. Vulnerability Insight: Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185) Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0248, CVE-2012-1186) Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259) It was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610) Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798) Affected Software/OS: 'imagemagick' package(s) on Ubuntu 10.04, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0247 Debian Security Information: DSA-2427 (Google Search) http://www.debian.org/security/2012/dsa-2427 http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.osvdb.org/79003 RedHat Security Advisories: RHSA-2012:0544 http://rhn.redhat.com/errata/RHSA-2012-0544.html RedHat Security Advisories: RHSA-2012:0545 http://rhn.redhat.com/errata/RHSA-2012-0545.html http://www.securitytracker.com/id?1027032 http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-0248 BugTraq ID: 51957 http://www.securityfocus.com/bid/51957 Common Vulnerability Exposure (CVE) ID: CVE-2012-0259 BugTraq ID: 52898 http://www.securityfocus.com/bid/52898 Debian Security Information: DSA-2462 (Google Search) http://www.debian.org/security/2012/dsa-2462 http://www.cert.fi/en/reports/2012/vulnerability635606.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 http://www.osvdb.org/81021 http://secunia.com/advisories/48679 http://secunia.com/advisories/48974 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html XForce ISS Database: imagemagick-jpegexif-dos(74657) https://exchange.xforce.ibmcloud.com/vulnerabilities/74657 Common Vulnerability Exposure (CVE) ID: CVE-2012-1185 47926 48974 49043 49317 51957 80556 http://www.osvdb.org/80556 DSA-2462 USN-1435-1 [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 http://www.openwall.com/lists/oss-security/2012/03/19/5 http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 imagemagick-profile-code-execution(76140) https://exchange.xforce.ibmcloud.com/vulnerabilities/76140 openSUSE-SU-2012:0692 Common Vulnerability Exposure (CVE) ID: CVE-2012-1186 80555 http://www.osvdb.org/80555 [oss-security] 20120319 Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 imagemagick-syncimageprofiles-dos(76139) https://exchange.xforce.ibmcloud.com/vulnerabilities/76139 Common Vulnerability Exposure (CVE) ID: CVE-2012-1610 http://www.openwall.com/lists/oss-security/2012/04/04/6 http://www.osvdb.org/81024 XForce ISS Database: imagemagick-getexifproperty-dos(74660) https://exchange.xforce.ibmcloud.com/vulnerabilities/74660 Common Vulnerability Exposure (CVE) ID: CVE-2012-1798 http://www.osvdb.org/81023 XForce ISS Database: imagemagick-tiffexififd-dos(74659) https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.