Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 7.x Contribs
  4. Topic: Newer ImageMagick version than in base repository?
« previous next »
Pages: [1]   Go Down

Newer ImageMagick version than in base repository?

  • 3 Replies
  • 1751 Views

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Newer ImageMagick version than in base repository?
« on: September 09, 2006, 10:30:43 PM »
Has someone installed a newer ImageMagick version (6.2.2.3 or higher) than the one in the base repository (6.0.7) as this has a vulnerability as stated by my gallery2 installation:

Quote
Version

ImageMagick 6.0.7

Warning: This version of ImageMagick has a known vulnerability that can be exploited to cause infinite loops. You may wish to upgrade. This determination may be inaccurate for Debian.

It links to the National Vulnerability Site which states:
Quote from: "[url=http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-1739
Vulnerability Summary CVE-2005-1739[/url]"]The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
Logged
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline crazybob

  • *****
  • 894
  • +0/-0
    • Stalzer R&D
Newer ImageMagick version than in base repository?
« Reply #1 on: September 10, 2006, 01:04:31 AM »
Did you notify the security team at security@contribs.org ?
Never mind, I just did it myself

Bob
Logged
If you think you know whats going on, you obviously have no idea whats going on!

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Newer ImageMagick version than in base repository?
« Reply #2 on: September 10, 2006, 10:02:36 AM »
Quote from: "crazybob"
Did you notify the security team at security@contribs.org ?
Never mind, I just did it myself

Bob
No did not do so... Thanks for reporting it to them.
Logged
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline gregswallow

  • *
  • 651
  • +1/-0
Newer ImageMagick version than in base repository?
« Reply #3 on: September 11, 2006, 08:59:41 PM »
* Thu May 26 2005  <mclasen@redhat.com> - 6.0.7.1-12
- fix a denial of service in the xwd coder (#158790, CAN-2005-1739)

As long as you have this version or newer, you are ok.

It's an rpm from CentOS by the way, not part of SME7.
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 7.x Contribs
  4. Topic: Newer ImageMagick version than in base repository?