Security vulnerabilities in the imagemagick software package

==========================================================================
Ubuntu Security Notice USN-2132-1
March 06, 2014

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS

Summary:

ImageMagick could be made to crash or run programs if it opened a specially
crafted image file.

Software Description:
– imagemagick: Image manipulation programs and library

Details:

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that
ImageMagick incorrectly handled certain restart markers in JPEG images. If
a user or automated system using ImageMagick were tricked into opening a
specially crafted JPEG image, an attacker could exploit this to cause
memory consumption, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2012-0260)

It was discovered that ImageMagick incorrectly handled decoding certain PSD
images. If a user or automated system using ImageMagick were tricked into
opening a specially crafted PSD image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program. (CVE-2014-1958, CVE-2014-2030)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libmagick++5 8:6.7.7.10-5ubuntu3.1
libmagickcore5 8:6.7.7.10-5ubuntu3.1

Ubuntu 12.10:
libmagick++5 8:6.7.7.10-2ubuntu4.2
libmagickcore5 8:6.7.7.10-2ubuntu4.2

Ubuntu 12.04 LTS:
libmagick++4 8:6.6.9.7-5ubuntu3.3
libmagickcore4 8:6.6.9.7-5ubuntu3.3

In general, a standard system update will make all the necessary changes.
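
The following added example, which is not part of the Ubuntu notice, checks a constructed host inventory against the fixed versions listed above using a Python port of dpkg's version ordering, so that a revision such as `4.10` correctly sorts after `4.2`. The inventory format and the `audit` and `compare` names are assumptions of this example.

```python
import re

# Fixed versions per release, copied from the advisory's update instructions.
FIXED = {
    "13.10": dict.fromkeys(("libmagick++5", "libmagickcore5"), "8:6.7.7.10-5ubuntu3.1"),
    "12.10": dict.fromkeys(("libmagick++5", "libmagickcore5"), "8:6.7.7.10-2ubuntu4.2"),
    "12.04": dict.fromkeys(("libmagick++4", "libmagickcore4"), "8:6.6.9.7-5ubuntu3.3"),
}

def _order(c):  # dpkg rank in a non-digit run: '~' < end/digit < letters < others
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_fragment(a, b):  # compare two upstream or revision strings
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            diff = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if diff:
                return diff
            i, j = i + 1, j + 1
        na, nb = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(na or 0) != int(nb or 0):  # digit runs compare as integers
            return int(na or 0) - int(nb or 0)
        i, j = i + len(na), j + len(nb)
    return 0

def _split(v):  # "[epoch:]upstream[-revision]" -> (epoch, upstream, revision)
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(a, b):  # < 0 if a is older than b, 0 if equal, > 0 if newer
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def audit(inventory):  # (host, package, installed, fixed) for entries below the fix
    rows = (line.split() for line in inventory.strip().splitlines())
    return [(h, p, v, FIXED[r][p]) for h, r, p, v in rows
            if p in FIXED.get(r, {}) and compare(v, FIXED[r][p]) < 0]

# Constructed inventory, one "host release package installed-version" per line.
SAMPLE = """
web01 12.04 libmagickcore4 8:6.6.9.7-5ubuntu3.2
web02 12.04 libmagickcore4 8:6.6.9.7-5ubuntu3.3
img01 13.10 libmagick++5 8:6.7.7.10-5ubuntu3
img02 12.10 libmagickcore5 8:6.7.7.10-2ubuntu4.10
"""
print(*audit(SAMPLE), sep="\n")
```

On a single Ubuntu host, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison natively.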

References:
http://www.ubuntu.com/usn/usn-2132-1
CVE-2012-0260, CVE-2014-1958, CVE-2014-2030

Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-5ubuntu3.1
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-2ubuntu4.2
https://launchpad.net/ubuntu/+source/imagemagick/8:6.6.9.7-5ubuntu3.3
