Lucene search
Copyright (C) 2019 Greenbone AGOPENVAS:1361412562310891755HistoryApr 14, 2019 - 12:00 a.m.
Debian: Security Advisory (DLA-1755-1)
2019-04-1400:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org
10
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
7.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.891755");
script_cve_id("CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010");
script_tag(name:"creation_date", value:"2019-04-14 02:00:21 +0000 (Sun, 14 Apr 2019)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-04-10 13:52:38 +0000 (Wed, 10 Apr 2019)");
script_name("Debian: Security Advisory (DLA-1755-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB8");
script_xref(name:"Advisory-ID", value:"DLA-1755-1");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2019/DLA-1755-1");
script_xref(name:"URL", value:"https://wiki.debian.org/LTS");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'graphicsmagick' package(s) announced via the DLA-1755-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several security vulnerabilities were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer over-reads and a memory leak may lead to a denial-of-service or information disclosure.
For Debian 8 Jessie, these problems have been fixed in version 1.3.20-3+deb8u6.
We recommend that you upgrade your graphicsmagick packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");
script_tag(name:"affected", value:"'graphicsmagick' package(s) on Debian 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB8") {
if(!isnull(res = isdpkgvuln(pkg:"graphicsmagick", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"graphicsmagick-dbg", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"graphicsmagick-imagemagick-compat", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"graphicsmagick-libmagick-dev-compat", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgraphics-magick-perl", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgraphicsmagick++1-dev", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgraphicsmagick++3", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgraphicsmagick1-dev", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgraphicsmagick3", ver:"1.3.20-3+deb8u6", rls:"DEB8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Debian DLA-1755-1 : graphicsmagick security update
2019-04-15 00:00:00
openSUSE Security Update : GraphicsMagick (openSUSE-2019-1272)
2019-04-26 00:00:00
Ubuntu 18.04 LTS : GraphicsMagick vulnerabilities (USN-4207-1)
2019-12-04 00:00:00
osv
osv
graphicsmagick - security update
2019-04-13 00:00:00
graphicsmagick vulnerabilities
2023-03-27 16:40:44
graphicsmagick - security update
2017-07-30 00:00:00
debian
debian
[SECURITY] [DLA 1755-1] graphicsmagick security update
2019-04-13 22:13:02
[SECURITY] [DSA 4640-1] graphicsmagick security update
2020-03-15 22:20:52
[SECURITY] [DLA 1045-1] graphicsmagick security update
2017-07-30 16:22:23
openvas
openvas
openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2019:1272-1)
2019-04-26 00:00:00
Mageia: Security Advisory (MGASA-2019-0186)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2019-0187)
2022-01-28 00:00:00
suse
suse
Security update for GraphicsMagick (moderate)
2019-04-30 00:00:00
Security update for GraphicsMagick (moderate)
2019-04-25 00:00:00
Security update for ImageMagick (moderate)
2019-05-04 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2019-06-10 22:17:03
Updated graphicsmagick packages fix security vulnerabilities
2019-06-10 22:17:03
Updated graphicsmagick packages fix security vulnerabilities
2017-07-30 18:58:51
ubuntu
ubuntu
GraphicsMagick vulnerabilities
2019-12-03 00:00:00
GraphicsMagick vulnerabilities
2023-03-27 00:00:00
GraphicsMagick vulnerabilities
2019-12-02 00:00:00
prion
prion
Design/Logic Flaw
2019-04-23 14:29:00
Out-of-bounds
2019-04-23 14:29:00
Memory corruption
2019-04-08 19:29:00
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
CVE-2019-11473
2022-05-20 22:46:50
alpinelinux
alpinelinux
veracode
veracode
Denial Of Service (DoS)
2017-07-05 05:11:32
fedora
fedora
[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.26-1.fc24
2017-07-15 18:50:07
[SECURITY] Fedora 26 Update: GraphicsMagick-1.3.26-1.fc26
2017-07-08 16:54:48
[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.26-1.fc25
2017-07-12 03:29:41
freebsd
freebsd
GraphicsMagick -- multiple vulnerabilities
2017-07-04 00:00:00
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
7.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
Related for OPENVAS:1361412562310891755