Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-517.NASLHistoryJun 20, 2016 - 12:00 a.m.
Debian DLA-517-1 : imagemagick security update
2016-06-2000:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
The code did not check the integer didn’t overflow before trying to resize a buffer. A specially crafted file could result in using memory past the end of the allocated buffer.
This security CVEs for this issue (CVE-2016-4563) along with CVE-2016-4562 and CVE-2016-4564 were based on a security advisory that will not be made public. This security fix was generated based only on the surface-level code-change information that is public in GitHub.
For more information on this, see:
http://seclists.org/oss-sec/2016/q2/476
For Debian 7 ‘Wheezy’, these problems have been fixed in version 8:6.7.7.10-5+deb7u7.
We recommend that you upgrade your imagemagick packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-517-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(91688);
script_version("2.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-4563");
script_name(english:"Debian DLA-517-1 : imagemagick security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The code did not check the integer didn't overflow before trying to
resize a buffer. A specially crafted file could result in using memory
past the end of the allocated buffer.
This security CVEs for this issue (CVE-2016-4563) along with
CVE-2016-4562 and CVE-2016-4564 were based on a security advisory that
will not be made public. This security fix was generated based only on
the surface-level code-change information that is public in GitHub.
For more information on this, see:
http://seclists.org/oss-sec/2016/q2/476
For Debian 7 'Wheezy', these problems have been fixed in version
8:6.7.7.10-5+deb7u7.
We recommend that you upgrade your imagemagick packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
# http://seclists.org/oss-sec/2016/q2/476
script_set_attribute(
attribute:"see_also",
value:"https://seclists.org/oss-sec/2016/q2/476"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2016/06/msg00017.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/imagemagick"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagick++-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagick++5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore5-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickwand-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickwand5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perlmagick");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2016/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"imagemagick", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"imagemagick-common", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"imagemagick-dbg", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"imagemagick-doc", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagick++-dev", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagick++5", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagickcore-dev", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagickcore5", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagickcore5-extra", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagickwand-dev", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"libmagickwand5", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (deb_check(release:"7.0", prefix:"perlmagick", reference:"8:6.7.7.10-5+deb7u7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | imagemagick | p-cpe:/a:debian:debian_linux:imagemagick |
| debian | debian_linux | imagemagick-common | p-cpe:/a:debian:debian_linux:imagemagick-common |
| debian | debian_linux | imagemagick-dbg | p-cpe:/a:debian:debian_linux:imagemagick-dbg |
| debian | debian_linux | imagemagick-doc | p-cpe:/a:debian:debian_linux:imagemagick-doc |
| debian | debian_linux | libmagick%2b%2b-dev | p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev |
| debian | debian_linux | libmagick%2b%2b5 | p-cpe:/a:debian:debian_linux:libmagick%2b%2b5 |
| debian | debian_linux | libmagickcore-dev | p-cpe:/a:debian:debian_linux:libmagickcore-dev |
| debian | debian_linux | libmagickcore5 | p-cpe:/a:debian:debian_linux:libmagickcore5 |
| debian | debian_linux | libmagickcore5-extra | p-cpe:/a:debian:debian_linux:libmagickcore5-extra |
| debian | debian_linux | libmagickwand-dev | p-cpe:/a:debian:debian_linux:libmagickwand-dev |
Related
openvas
openvas
Debian: Security Advisory (DLA-517-1)
2023-03-08 00:00:00
ImageMagick Multiple Denial of Service Vulnerabilities (Jun 2016) - Windows
2016-06-06 00:00:00
Debian Security Advisory DSA 3652-1 (imagemagick - security update)
2016-08-25 00:00:00
debian
debian
[SECURITY] [DLA 517-1] imagemagick security update
2016-06-17 08:40:49
[SECURITY] [DSA 3652-1] imagemagick security update
2016-08-25 20:53:21
[SECURITY] [DLA 731-1] imagemagick security update
2016-12-02 05:46:43
osv
osv
imagemagick - security update
2016-06-17 00:00:00
imagemagick - security update
2016-08-25 00:00:00
imagemagick - security update
2016-12-02 00:00:00
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2017-02-01 05:31:57
Buffer Overflow
2017-02-01 03:32:34
Denial Of Service (DoS)
2017-02-01 04:55:58
cve
cve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
prion
prion
Buffer overflow
2016-06-04 16:59:00
Buffer overflow
2016-06-04 16:59:00
Buffer overflow
2016-06-04 16:59:00
debiancve
debiancve
nessus
nessus
Debian DSA-3652-1 : imagemagick - security update
2016-08-26 00:00:00
SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1782-1)
2016-08-29 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2016-840)
2016-07-07 00:00:00
suse
suse
Security update for ImageMagick (important)
2016-07-11 16:08:01
Security update for ImageMagick (important)
2016-07-11 16:26:48
Security update for ImageMagick (important)
2016-07-20 12:09:04
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-21 00:00:00
Related for DEBIAN_DLA-517.NASL