Pardus: Imagemagick: Multiple - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: September 6th, 2010

Linux Advisory Watch: September 3rd, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Pardus: Imagemagick: Multiple

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

exploited by malicious people to potentially compromise a user's system.


--==============23883774=Content-Type: multipart/alternative; boundary16e6d27ed1c6a055046d177296

--0016e6d27ed1c6a055046d177296
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-90            security@pardus.org.tr
------------------------------------------------------------------------

      Date: 2009-06-24
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
Tielei Wang has discovered a vulnerability in ImageMagick, which can be

exploited by malicious people to potentially compromise a user's system.


Description
==========
The vulnerability is caused due to an integer overflow error within the
"XMakeImage()" function in magick/xwindow.c. This can be  exploited  to

cause a buffer overflow via e.g. a specially crafted TIFF file.

Successful exploitation may allow execution of arbitrary code.



Affected packages:

  Pardus 2008:
    imagemagick, all before 6.4.4.10-25-9


Resolution
=========
There are update(s) for imagemagick. You can update  them  via  Package
Manager or with a single command from console:

    pisi up imagemagick

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id˜42
  * http://www.imagemagick.org/script/changelog.php

  * http://secunia.com/advisories/35216/

< Prev		Next >

Partner:

Latest Features

Review: The Official Ubuntu Book

Review: Zabbix 1.8 Network Monitoring

Meet the Anti-Nmap: PSAD

Understand: Fork Bombing Attack

Review: Hacking: The Art of Exploitation, Second Edition

Master's Student: Social Engineering is not just a definition!

Review: Ubuntu Unleased 2010 Edition: Covering 9.10 and 10.4

Yesterday's Edition

Firefox 3.6 gains anti-clickjacking support, Thunderbird & SeaMonkey updated

Quantum Cryptography Breached With Lasers

String Of Deals Shows Demand for Cloud-Based Authentication

Why hackers hack

Partner Sponsor