Debian DSA-4074-1 : imagemagick - security update

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

This update fixes several vulnerabilities in imagemagick: Various
memory handling problems and cases of missing or incomplete input
sanitising may result in denial of service, memory disclosure or the
execution of arbitrary code if malformed image files are processed.

See also :

https://security-tracker.debian.org/tracker/imagemagick
https://packages.debian.org/source/stretch/imagemagick
http://www.debian.org/security/2017/dsa-4074

Solution :

Upgrade the imagemagick packages.

For the stable distribution (stretch), these problems have been fixed
in version 8:6.9.7.4+dfsg-11+deb9u4.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Debian Local Security Checks

Nessus Plugin ID: 105489 ()

Bugtraq ID:

CVE ID: CVE-2017-12877
CVE-2017-16546
CVE-2017-17499
CVE-2017-17504
CVE-2017-17879

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now