SCIENTIFIC-LINUX-USERS Archives

April 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Michael Mansour <[log in to unmask]>
Reply To: Michael Mansour <[log in to unmask]>
Date: Fri, 14 Apr 2006 20:53:40 +1000

Hi,

I'm in the process of configuring Gallery2 on an SL42 environment, and the
following line from their configuration process worries me:

************
Version 
ImageMagick 6.0.7 

Warning: This version of ImageMagick has a known vulnerability that can be
exploited to cause infinite loops. You may wish to upgrade. This determination
may be inaccurate for Debian. 
************

They reference the link:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1739

which shows that this is remotely exploitable.

Would the upstream vendor have backported fixes for this problem in 6.0.7?

Thanks.

Michael.