
Author Topic:  if u are paranoid enough update imagemagick (webserver)  (Read 2436 times)

Offline michaa7

  • User
  • Posts: 2.298
Sorry, German only, as h-online is down:
http://www.heise.de/newsticker/meldung/Debian-entdeckt-alte-ImageMagick-Luecke-wieder-1948775.html

In short: A Debian dev uncovered an old bug which might compromise your *webserver* if someone uploads a prepared GIF image to it. The article states that sid is affected, but the package now (?) has been patched. Although I think this concerns only a few users here, it might be useful info to some of us.


Code:
apt-get install imagemagick=8:6.8.5.6-3 imagemagick-6.q16=8:6.8.5.6-3 libmagickcore-6.q16-1=8:6.8.5.6-3 libmagickwand-6.q16-1=8:6.8.5.6-3  imagemagick-common=8:6.8.5.6-3

BTW: How do I compare the Debian version to the upstream version?
"imagemagick --version" has no output, so how else could we compare?
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

Offline absolut

  • User
  • Posts: 455
RE: if u are paranoid enough update imagemagick (webserver)
« Reply #1 on: 2013/09/04, 15:37:42 »
Code:
dpkg -l | grep imagemagick

will show you the installed version

Code:
apt-cache policy imagemagick

will show you the installed version and all versions available in the repositories. consider that you need to run apt-get update first, to be up-to-date. also consider that you need to have corresponding repositories enabled (e.g. experimental)

regarding the "check upstream version", you would basically need to check your installed version against the "upstream resources" (probably project website or their repository -cvs/svn/git/...)
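
For the Debian-versus-upstream question in this thread, an added example (not part of either post): a Debian version string has the form [epoch:]upstream[-revision], so the upstream part can be read straight out of what dpkg reports. The function names are hypothetical, and the sample string is the one from the apt-get line above.

```shell
#!/bin/sh
# Added example: split a Debian version "[epoch:]upstream[-revision]".
# Function names are hypothetical, not part of dpkg or apt.

# Print the epoch; an absent epoch counts as 0.
deb_epoch() {
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf '0\n' ;;
    esac
}

# Print the upstream part: drop the epoch (up to the first ':') and the
# Debian revision (after the LAST '-', since upstream may contain '-').
deb_upstream() {
    v=${1#*:}
    case "$v" in
        *-*) v=${v%-*} ;;
    esac
    printf '%s\n' "$v"
}

# Print the Debian revision, or an empty line when there is none.
deb_revision() {
    v=${1#*:}
    case "$v" in
        *-*) printf '%s\n' "${v##*-}" ;;
        *)   printf '\n' ;;
    esac
}

# Exit 0 when package $1 is installed at version >= $2, 1 when older,
# 2 when it is not installed. Requires dpkg.
installed_at_least() {
    cur=$(dpkg-query -W -f='${Version}' "$1" 2>/dev/null) || return 2
    [ -n "$cur" ] || return 2
    dpkg --compare-versions "$cur" ge "$2"
}

if command -v dpkg-query >/dev/null 2>&1; then
    ref='8:6.8.5.6-3'   # version string from the apt-get line in this thread
    if installed_at_least imagemagick "$ref"; then
        echo "imagemagick >= $ref (upstream $(deb_upstream "$ref"))"
    else
        echo "imagemagick is older than $ref or not installed"
    fi
fi
```

Upstream ImageMagick writes its patch level with a hyphen (6.8.5-6) where the Debian package uses a dot (6.8.5.6); `identify -version` prints the upstream form for the installed binaries.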