
Debian: DSA 1213-1 Moderate: Imagemagick Remote Code Issues

November 19, 2006
Debian Security Advisory
Updated package.

Summary


Daniel Kobras discovered that Imagemagick is vulnerable to format
string attacks in the filename parsing code.

CVE-2006-4144
    Damian Put discovered that Imagemagick is vulnerable to buffer
    overflows in the module for SGI images.

CVE-2006-5456
    M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer
    overflows in the module for DCM and PALM images.

CVE-2006-5868
    Daniel Kobras discovered that Imagemagick is vulnerable to buffer
    overflows in the module for SGI images.

This update also addresses regressions in the XCF codec, which were
introduced in the previous security update.

For the stable distribution (sarge) these problems have been fixed in
version 6:6.0.6.2-2.8.

For the upcoming stable distribution (etch) these problems have been
fixed in version 7:6.2.4.5.dfsg1-0.11.

For the unstable distribution (sid) these problems have been fixed in
version 7:6.2.4.5.dfsg1-0.11.

We recommend that you upgrade your imagemagick packages.


Up...
