Test ID:	1.3.6.1.4.1.25623.1.0.842781
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2990-1)
Summary:	The remote host is missing an update for the 'imagemagick' package(s) announced via the USN-2990-1 advisory.
Description:	Summary: The remote host is missing an update for the 'imagemagick' package(s) announced via the USN-2990-1 advisory. Vulnerability Insight: Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as 'ImageTragick'. This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718) Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118) Affected Software/OS: 'imagemagick' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3714 1035742 http://www.securitytracker.com/id/1035742 20160513 May 2016 - HipChat Server - Critical Security Advisory http://www.securityfocus.com/archive/1/538378/100/0/threaded 39767 https://www.exploit-db.com/exploits/39767/ 39791 https://www.exploit-db.com/exploits/39791/ 89848 http://www.securityfocus.com/bid/89848 DSA-3580 http://www.debian.org/security/2016/dsa-3580 DSA-3746 http://www.debian.org/security/2016/dsa-3746 GLSA-201611-21 https://security.gentoo.org/glsa/201611-21 RHSA-2016:0726 http://rhn.redhat.com/errata/RHSA-2016-0726.html SSA:2016-132-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 SUSE-SU-2016:1260 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html SUSE-SU-2016:1275 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html SUSE-SU-2016:1301 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html USN-2990-1 http://www.ubuntu.com/usn/USN-2990-1 VU#250519 https://www.kb.cert.org/vuls/id/250519 [oss-security] 20160503 ImageMagick Is On Fire -- CVE-2016-3714 http://www.openwall.com/lists/oss-security/2016/05/03/13 [oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714 http://www.openwall.com/lists/oss-security/2016/05/03/18 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate https://access.redhat.com/security/vulnerabilities/2296071 https://bugzilla.redhat.com/show_bug.cgi?id=1332492 https://imagetragick.com/ https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 https://www.imagemagick.org/script/changelog.php openSUSE-SU-2016:1261 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html openSUSE-SU-2016:1266 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html openSUSE-SU-2016:1326 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3715 89852 http://www.securityfocus.com/bid/89852 Common Vulnerability Exposure (CVE) ID: CVE-2016-3716 [debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3717 Common Vulnerability Exposure (CVE) ID: CVE-2016-3718 Common Vulnerability Exposure (CVE) ID: CVE-2016-5118 BugTraq ID: 90938 http://www.securityfocus.com/bid/90938 Debian Security Information: DSA-3591 (Google Search) http://www.debian.org/security/2016/dsa-3591 Debian Security Information: DSA-3746 (Google Search) http://www.openwall.com/lists/oss-security/2016/05/29/7 http://www.openwall.com/lists/oss-security/2016/05/30/1 RedHat Security Advisories: RHSA-2016:1237 https://access.redhat.com/errata/RHSA-2016:1237 http://www.securitytracker.com/id/1035984 http://www.securitytracker.com/id/1035985 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749 SuSE Security Announcement: SUSE-SU-2016:1570 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html SuSE Security Announcement: SUSE-SU-2016:1610 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html SuSE Security Announcement: SUSE-SU-2016:1614 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html SuSE Security Announcement: openSUSE-SU-2016:1521 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html SuSE Security Announcement: openSUSE-SU-2016:1522 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:1534 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:1653 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.