Ubuntu USN-784-1 (imagemagick) Network Vulnerability

Summary

The remote host is missing an update to imagemagick announced via advisory USN-784-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmagick9 6:6.2.4.5-0.6ubuntu0.9 Ubuntu 8.04 LTS: libmagick10 7:6.3.7.9.dfsg1-2ubuntu1.1 Ubuntu 8.10: libmagick10 7:6.3.7.9.dfsg1-2ubuntu3.1 Ubuntu 9.04: libmagickcore1 7:6.4.5.4.dfsg1-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-784-1

Insight

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Severity

Classification

CVE CVE-2009-1882
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for dhcp3 vulnerability USN-803-2
Ubuntu Update for eglibc USN-1396-1
Ubuntu Update for emacs23 USN-1586-1
Ubuntu Update for apturl USN-1132-1
Ubuntu Update for ffmpeg USN-1320-1

Take action and discover your vulnerabilities