| Zusammenfassung: | The remote host is missing an update for the 'converseen, cuneiform-linux, imagemagick, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, vdr-plugin-skinenigmang' package(s) announced via the MGASA-2016-0257 advisory. |
| Beschreibung: | Summary:
The remote host is missing an update for the 'converseen, cuneiform-linux, imagemagick, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, vdr-plugin-skinenigmang' package(s) announced via the MGASA-2016-0257 advisory.
Vulnerability Insight:
Updated imagemagick package fixes security vulnerabilities:
The OpenBlob function in blob.c in ImageMagick allows remote attackers to
execute arbitrary code via a (pipe) character at the start of a filename
(CVE-2016-5118).
Integer overflow in MagickCore/profile.c (CVE-2016-5841).
Buffer overread in MagickCore/property.c (CVE-2016-5842).
Also, several packages have been rebuilt to use the updated Magick++-6.Q16
library. These include converseen, cuneiform-linux, inkscape, k3d, kcm-grub2,
kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit,
pythonmagick, synfig, vdr-plugin-skinelchi, and vdr-plugin-skinenigmang.
Affected Software/OS:
'converseen, cuneiform-linux, imagemagick, inkscape, k3d, kcm-grub2, kxstitch, performous, perl-Image-SubImageFind, pfstools, pstoedit, pythonmagick, synfig, vdr-plugin-skinelchi, vdr-plugin-skinenigmang' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
