|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-11] ImageMagick: Filename handling vulnerability Vulnerability Scan
Vulnerability Scan Summary ImageMagick: Filename handling vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-11
(ImageMagick: Filename handling vulnerability)
Tavis Ormandy of the Gentoo Linux Security Audit Team has
identified a flaw in the handling of filenames by the ImageMagick
utilities.
Impact
Successful exploitation may disrupt web applications that depend
on ImageMagick for image processing, potentially executing arbitrary
code.
Workaround
There is no known workaround at this time.
Solution:
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|