Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2012.0763.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2012:0763-1)
Resumen:The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory.

Vulnerability Insight:
This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files:

* CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via
'number_bytes' and 'offset' could lead to memory corruption. CVE-2012-0248 / CVE-2012-1186: Denial of service via 'profile.c'.
* CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption).
* CVE-2012-1798: Copying of invalid memory when reading TIFF EXIF IFD.

Security Issue references:

* CVE-2012-0247
>
* CVE-2012-0248
>
* CVE-2012-1185
>
* CVE-2012-1186
>
* CVE-2012-0259
>
* CVE-2012-0260
>
* CVE-2012-1798
>
* CVE-2012-1610
>

Affected Software/OS:
'ImageMagick' package(s) on SUSE Linux Enterprise Desktop 11 SP1, SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Software Development Kit 11 SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0247
Debian Security Information: DSA-2427 (Google Search)
http://www.debian.org/security/2012/dsa-2427
http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml
http://www.cert.fi/en/reports/2012/vulnerability595210.html
http://www.osvdb.org/79003
RedHat Security Advisories: RHSA-2012:0544
http://rhn.redhat.com/errata/RHSA-2012-0544.html
RedHat Security Advisories: RHSA-2012:0545
http://rhn.redhat.com/errata/RHSA-2012-0545.html
http://www.securitytracker.com/id?1027032
http://secunia.com/advisories/47926
http://secunia.com/advisories/48247
http://secunia.com/advisories/48259
http://secunia.com/advisories/49043
http://secunia.com/advisories/49063
http://secunia.com/advisories/49068
http://ubuntu.com/usn/usn-1435-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0248
BugTraq ID: 51957
http://www.securityfocus.com/bid/51957
Common Vulnerability Exposure (CVE) ID: CVE-2012-0259
BugTraq ID: 52898
http://www.securityfocus.com/bid/52898
Debian Security Information: DSA-2462 (Google Search)
http://www.debian.org/security/2012/dsa-2462
http://www.cert.fi/en/reports/2012/vulnerability635606.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259
http://www.osvdb.org/81021
http://secunia.com/advisories/48679
http://secunia.com/advisories/48974
http://secunia.com/advisories/49317
http://secunia.com/advisories/55035
SuSE Security Announcement: openSUSE-SU-2012:0692 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html
XForce ISS Database: imagemagick-jpegexif-dos(74657)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74657
Common Vulnerability Exposure (CVE) ID: CVE-2012-0260
http://www.osvdb.org/81022
http://secunia.com/advisories/57224
http://www.ubuntu.com/usn/USN-2132-1
XForce ISS Database: imagemagick-jpegwarninghandler-dos(74658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74658
Common Vulnerability Exposure (CVE) ID: CVE-2012-1185
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185
http://www.openwall.com/lists/oss-security/2012/03/19/5
http://www.osvdb.org/80556
XForce ISS Database: imagemagick-profile-code-execution(76140)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76140
Common Vulnerability Exposure (CVE) ID: CVE-2012-1186
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186
http://www.osvdb.org/80555
XForce ISS Database: imagemagick-syncimageprofiles-dos(76139)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76139
Common Vulnerability Exposure (CVE) ID: CVE-2012-1610
http://www.openwall.com/lists/oss-security/2012/04/04/6
http://www.osvdb.org/81024
XForce ISS Database: imagemagick-getexifproperty-dos(74660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74660
Common Vulnerability Exposure (CVE) ID: CVE-2012-1798
http://www.osvdb.org/81023
XForce ISS Database: imagemagick-tiffexififd-dos(74659)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74659
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.