Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian 8: DLA-1395-1 Critical: php-horde-image Remote Code Exec

debian lts
Calendar Grey June 22, 2018
Dist Debian Esm H88
Enhance the php-horde-image package to remediate remote code execution vulnerabilities impacting Debian 8. Essential patches incorporated.
It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde groupware tool:

Summary

* CVE-2017-14650: Another RCE that was exploitable by a logged-in
user sending a maliciously crafted GET request specifically to the "im"
image backend.

For Debian 8 "Jessie", these issues have been fixed in php-horde-image
version 2.1.0-4+deb8u1.

We recommend that you upgrade your php-horde-image packages.


Regards,

- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-



Severity
critical
Lowest
Low
Medium
High
Critical

Package: php-horde-image
Version: 2.1.0-4+deb8u1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here