Fedora 26: 2017-28387b61fd Critical Fix: Horde_Image Command Injection
fedora
July 11, 2017
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections
Summary
An Image utility API, with backends for:
* GD
* GIF
* PNG
* SVG
* SWF
* ImageMagick convert command line tool
* Imagick Extension
Optional dependency: php-pecl-imagick
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command
injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS
attack by preventing an infinite loop in certain conditions (CVE-2017-9773,
reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by
properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi
Vidyan). * [jan] Add blur effect.
su -c 'dnf upgrade php-horde-Horde-Image' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!