Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:107 (ImageMagick)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53968

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:107 (ImageMagick)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to ImageMagick
announced via advisory MDKSA-2005:107.

A heap-based buffer overflow was found in the way that ImageMagick
parses PNM files. If an attacker can trick a victim into opening
a specially crafted PNM file, the attacker could execute arbitrary
code on the victim's machine (CVE-2005-1275).

As well, a Denial of Service vulnerability was found in the way
that ImageMagick parses XWD files. If a user or program executed
ImageMagick to process a malicious XWD file, ImageMagick will enter
info an infinite loop causing a DoS (CVE-2005-1739).

The updated packages have been patched to fix these issues.

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:107

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1275
13351
http://www.securityfocus.com/bid/13351
20050424 [Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow
http://seclists.org/lists/bugtraq/2005/Apr/0407.html
MDKSA-2005:107
http://www.mandriva.com/security/advisories?name=MDKSA-2005:107
RHSA-2005:413
http://www.redhat.com/support/errata/RHSA-2005-413.html
http://bugs.gentoo.org/show_bug.cgi?id=90423
http://www.imagemagick.org/script/changelog.php
http://www.overflow.pl/adv/imheapoverflow.txt
oval:org.mitre.oval:def:10003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10003
oval:org.mitre.oval:def:711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A711
Common Vulnerability Exposure (CVE) ID: CVE-2005-1739
BugTraq ID: 13705
http://www.securityfocus.com/bid/13705
http://security.gentoo.org/glsa/glsa-200505-16.xml
http://www.osvdb.org/16774
http://www.osvdb.org/16775
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A960
http://www.redhat.com/support/errata/RHSA-2005-480.html
http://secunia.com/advisories/15429
http://secunia.com/advisories/15446
http://secunia.com/advisories/15453
https://usn.ubuntu.com/132-1/

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53968
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:107 (ImageMagick)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ImageMagick announced via advisory MDKSA-2005:107. A heap-based buffer overflow was found in the way that ImageMagick parses PNM files. If an attacker can trick a victim into opening a specially crafted PNM file, the attacker could execute arbitrary code on the victim's machine (CVE-2005-1275). As well, a Denial of Service vulnerability was found in the way that ImageMagick parses XWD files. If a user or program executed ImageMagick to process a malicious XWD file, ImageMagick will enter info an infinite loop causing a DoS (CVE-2005-1739). The updated packages have been patched to fix these issues. Affected versions: 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:107 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1275 13351 http://www.securityfocus.com/bid/13351 20050424 [Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow http://seclists.org/lists/bugtraq/2005/Apr/0407.html MDKSA-2005:107 http://www.mandriva.com/security/advisories?name=MDKSA-2005:107 RHSA-2005:413 http://www.redhat.com/support/errata/RHSA-2005-413.html http://bugs.gentoo.org/show_bug.cgi?id=90423 http://www.imagemagick.org/script/changelog.php http://www.overflow.pl/adv/imheapoverflow.txt oval:org.mitre.oval:def:10003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10003 oval:org.mitre.oval:def:711 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A711 Common Vulnerability Exposure (CVE) ID: CVE-2005-1739 BugTraq ID: 13705 http://www.securityfocus.com/bid/13705 http://security.gentoo.org/glsa/glsa-200505-16.xml http://www.osvdb.org/16774 http://www.osvdb.org/16775 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11667 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A960 http://www.redhat.com/support/errata/RHSA-2005-480.html http://secunia.com/advisories/15429 http://secunia.com/advisories/15446 http://secunia.com/advisories/15453 https://usn.ubuntu.com/132-1/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com