Advisories:rPSA-2006-0159

From rPath Wiki

rPath Security Advisory 2006-0159-2

Published: 2006-08-29

Updated

1. 2006-08-29 Restored libMagick++ library

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Indirect User Deterministic Unauthorized Access

Updated Versions

• ImageMagick=conary.rpath.com@rpl:1/6.2.3.3-3.3-1

rPath Issue Tracking System

• RPL-605

References

• CVE-2006-3743
• CVE-2006-3744
• CVE-2006-4144

Description

In previous versions of the ImageMagick package, the sun bitmap,

GIMP xcf, and sgi image decoders contain vulnerabilities that enable

attackers to cause arbitrary code execution when using ImageMagick

programs or libraries to access malformed images of those types.

29 August 2006 Update: The initial fix for this vulnerability

inadvertently removed the libMagick++ library from the package.

Conary would not apply the initial version of the fix to affected

systems, so they retained functionality but did not have the

vulnerability fixed. This fault has since been corrected.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html