FS#49203 - [imagemagick] CVE-2016-3714: arbitrary code execution
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Wednesday, 04 May 2016, 08:38 GMT
Last edited by Antonio Rojas (arojas) - Thursday, 05 May 2016, 19:51 GMT
Details
Hi,
A critical security issue has been found in ImageMagick [0][1], allowing arbitrary code execution. In a lot of setups, untrusted files are passed to imagemagick tools, turning this issue into a remote code execution. The issue might have been fixed [2] in versions 7.0.1-1 and 6.9.3-10. There are still some doubts about whether the issue is completely fixed, but these versions don't seem to be vulnerable to the already public exploits, so I think we should upgrade as soon as possible.

Thanks!

[0]: http://www.openwall.com/lists/oss-security/2016/05/03/13
[1]: https://imagetragick.com/
[2]: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Closed by Antonio Rojas (arojas)
Thursday, 05 May 2016, 19:51 GMT
Reason for closing: Fixed
Additional comments about closing: Updated
Comment by Alex Theotokatos (alex.theoto) - Wednesday, 04 May 2016, 20:50 GMT
There is already a workaround and the package is out-of-date.