Test ID:	1.3.6.1.4.1.25623.1.1.4.2012.0763.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2012:0763-1)
Summary:	The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory. Vulnerability Insight: This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files: * CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. * CVE-2012-0247 / CVE-2012-1185: Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. CVE-2012-0248 / CVE-2012-1186: Denial of service via 'profile.c'. * CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption). * CVE-2012-1798: Copying of invalid memory when reading TIFF EXIF IFD. Security Issue references: * CVE-2012-0247 > * CVE-2012-0248 > * CVE-2012-1185 > * CVE-2012-1186 > * CVE-2012-0259 > * CVE-2012-0260 > * CVE-2012-1798 > * CVE-2012-1610 > Affected Software/OS: 'ImageMagick' package(s) on SUSE Linux Enterprise Desktop 11-SP1, SUSE Linux Enterprise Desktop 11-SP2, SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP1, SUSE Linux Enterprise Software Development Kit 11-SP2. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0247 Debian Security Information: DSA-2427 (Google Search) http://www.debian.org/security/2012/dsa-2427 http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.osvdb.org/79003 RedHat Security Advisories: RHSA-2012:0544 http://rhn.redhat.com/errata/RHSA-2012-0544.html RedHat Security Advisories: RHSA-2012:0545 http://rhn.redhat.com/errata/RHSA-2012-0545.html http://www.securitytracker.com/id?1027032 http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-0248 BugTraq ID: 51957 http://www.securityfocus.com/bid/51957 Common Vulnerability Exposure (CVE) ID: CVE-2012-0259 BugTraq ID: 52898 http://www.securityfocus.com/bid/52898 Debian Security Information: DSA-2462 (Google Search) http://www.debian.org/security/2012/dsa-2462 http://www.cert.fi/en/reports/2012/vulnerability635606.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 http://www.osvdb.org/81021 http://secunia.com/advisories/48679 http://secunia.com/advisories/48974 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html XForce ISS Database: imagemagick-jpegexif-dos(74657) https://exchange.xforce.ibmcloud.com/vulnerabilities/74657 Common Vulnerability Exposure (CVE) ID: CVE-2012-0260 http://www.osvdb.org/81022 http://secunia.com/advisories/57224 http://www.ubuntu.com/usn/USN-2132-1 XForce ISS Database: imagemagick-jpegwarninghandler-dos(74658) https://exchange.xforce.ibmcloud.com/vulnerabilities/74658 Common Vulnerability Exposure (CVE) ID: CVE-2012-1185 47926 48974 49043 49317 51957 80556 http://www.osvdb.org/80556 DSA-2462 USN-1435-1 [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 http://www.openwall.com/lists/oss-security/2012/03/19/5 http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 imagemagick-profile-code-execution(76140) https://exchange.xforce.ibmcloud.com/vulnerabilities/76140 openSUSE-SU-2012:0692 Common Vulnerability Exposure (CVE) ID: CVE-2012-1186 80555 http://www.osvdb.org/80555 [oss-security] 20120319 Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 imagemagick-syncimageprofiles-dos(76139) https://exchange.xforce.ibmcloud.com/vulnerabilities/76139 Common Vulnerability Exposure (CVE) ID: CVE-2012-1610 http://www.openwall.com/lists/oss-security/2012/04/04/6 http://www.osvdb.org/81024 XForce ISS Database: imagemagick-getexifproperty-dos(74660) https://exchange.xforce.ibmcloud.com/vulnerabilities/74660 Common Vulnerability Exposure (CVE) ID: CVE-2012-1798 http://www.osvdb.org/81023 XForce ISS Database: imagemagick-tiffexififd-dos(74659) https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.