[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 04 Apr 2007 04:24:33 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: rPSA-2007-0064-1 ImageMagick
rPath Security Advisory: 2007-0064-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.6-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
https://issues.rpath.com/browse/RPL-1211
https://issues.rpath.com/browse/RPL-1205
Description:
Previous versions of the ImageMagick package are vulnerable to two
indirect attacks that may cause it to execute arbitrary code provided
by an attacker when attempting to read intentionally malformed image
files.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists