rPSA-2007-0064-1 ImageMagick

To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: rPSA-2007-0064-1 ImageMagick
From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
Date: Wed, 04 Apr 2007 04:24:33 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: nail 11.22 3/20/05

rPath Security Advisory: 2007-0064-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.6-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
    https://issues.rpath.com/browse/RPL-1211
    https://issues.rpath.com/browse/RPL-1205

Description:
    Previous versions of the ImageMagick package are vulnerable to two
    indirect attacks that may cause it to execute arbitrary code provided
    by an attacker when attempting to read intentionally malformed image
    files.

Prev by Date: CYBSEC Security Pre-Advisory: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service
Next by Date: CYBSEC Release: SAP Security - Paper & Tool release
Previous by thread: CYBSEC Security Pre-Advisory: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service
Next by thread: CYBSEC Release: SAP Security - Paper & Tool release
Index(es):
- Date
- Thread