PDA

View Full Version : USN-681-1: ImageMagick vulnerability



rss-bot
December 1st, 2008, 06:30 PM
Referenced CVEs:
CVE-2008-1096


Description:
================================================== =========Ubuntu Security Notice USN-681-1 December 01, 2008imagemagick vulnerabilityCVE-2008-1096============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: imagemagick 6:6.2.4.5-0.6ubuntu0.8Ubuntu 7.10: imagemagick 7:6.2.4.5.dfsg1-2ubuntu1.1After a standard system upgrade you need to restart any applications thatuse ImageMagick, such as OpenOffice.org and Inkscape, to effect thenecessary changes.Details follow:It was discovered that ImageMagick did not correctly handle certainmalformed XCF images. If a user were tricked into opening a speciallycrafted image with an application that uses ImageMagick, an attackercould cause a denial of service and possibly execute arbitrary code withthe user's privileges.





More... (http://www.ubuntu.com/usn/USN-681-1)