PDA

View Full Version : USN-523-1: ImageMagick vulnerabilities



rss-bot
October 4th, 2007, 05:50 AM
Referenced CVEs:
CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988


Description:
================================================== ========= Ubuntu Security Notice USN-523-1 October 03, 2007 imagemagick vulnerabilities CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmagick9 6:6.2.4.5-0.6ubuntu0.7 Ubuntu 6.10: libmagick9 7:6.2.4.5.dfsg1-0.10ubuntu0.4 Ubuntu 7.04: libmagick9 7:6.2.4.5.dfsg1-0.14ubuntu0.2 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.





More... (http://www.ubuntu.com/usn/usn-523-1)