if u are paranoid enough update imagemagick (webserver)

Started by michaa7, 2013/09/04, 14:16:47


michaa7

Sorry, German only as h-online is down:
http://www.heise.de/newsticker/meldung/Debian-entdeckt-alte-ImageMagick-Luecke-wieder-1948775.html

In short: A Debian dev uncovered an old bug which might compromise your *webserver* if someone uploads a prepared GIF image to it. The article states that sid is affected, but the package now (?) has been patched. Although I think this concerns only a few users here, it might be useful info to some of us.


apt-get install imagemagick=8:6.8.5.6-3 imagemagick-6.q16=8:6.8.5.6-3 libmagickcore-6.q16-1=8:6.8.5.6-3 libmagickwand-6.q16-1=8:6.8.5.6-3  imagemagick-common=8:6.8.5.6-3

BTW: How do I compare the Debian version to the upstream version?
"imagemagick --version" has no output, so how else could we compare?
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

absolut

dpkg -l | grep imagemagick will show you the installed version

apt-cache policy imagemagick will show you the installed version and all versions available in the repositories. Consider that you need to run apt-get update first to be up to date. Also consider that you need to have the corresponding repositories enabled (e.g. experimental).

Regarding the "check upstream version", you would basically need to check your installed version against the "upstream resources" (probably the project website or their repository - cvs/svn/git/...)
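
Added example, not part of either post: a Debian version string has the form [epoch:]upstream[-revision], so the upstream version asked about above can be read straight out of what dpkg reports, and dpkg --compare-versions can check it against a known-good version. The function names are made up for this sketch, and treating 8:6.8.5.6-3 (the version pinned in the first post) as the fixed one is an assumption.

```shell
#!/bin/sh
# A Debian version string has the form [epoch:]upstream[-revision].

deb_epoch() {            # text before the first colon, 0 if absent
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf '0\n' ;;
    esac
}

deb_upstream() {         # what upstream released, as Debian records it
    v=${1#*:}                              # drop the epoch
    case "$v" in *-*) v=${v%-*} ;; esac    # drop the revision (last hyphen)
    printf '%s\n' "$v"
}

deb_revision() {         # Debian's own packaging revision, empty if none
    v=${1#*:}
    case "$v" in
        *-*) printf '%s\n' "${v##*-}" ;;
        *)   printf '\n' ;;
    esac
}

installed_version() {    # exact version string dpkg has recorded
    dpkg-query -W -f='${Version}' "$1" 2>/dev/null
}

report() {               # usage: report PACKAGE MINIMUM_VERSION
    have=$(installed_version "$1")
    if [ -z "$have" ]; then
        echo "$1: not installed"; return 2
    fi
    echo "$1: installed $have (upstream $(deb_upstream "$have"), Debian revision $(deb_revision "$have"))"
    if dpkg --compare-versions "$have" ge "$2"; then
        echo "$1: at or above $2"
    else
        echo "$1: older than $2, upgrade"; return 1
    fi
}

# Assumption: 8:6.8.5.6-3, the version pinned in the first post, carries the fix.
FIXED='8:6.8.5.6-3'
if [ "$#" -gt 0 ]; then
    report "$1" "${2:-$FIXED}"
fi
```

Called with a package name as its first argument (for example imagemagick), it prints the installed version, its upstream part, and whether it is at or above the assumed fixed version.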