[Pkg-gmagick-im-team] Bug#559775: [imagemagick][ CVE-2008-3134] News from upstream
Bastien ROUCARIES
roucaries.bastien+imagemagick at gmail.com
Fri Jan 1 12:42:19 UTC 2010
About CVE-2008-3134 (bcc Petr because he seems to be in charge of imagemagick
at suse)
>We had reviewed CVE-2008-3134 when it was first released and determined that
>the ImageMagick releases at that time did not suffer from the vulnerabilities.
>It's possible that older versions of ImageMagick (circa 2002) might have the
>vulnerabilities. DOS vulnerabilities are addressed with the -limit option.
>It's perfectly valid, for example, to convert a 200000x200000 pixel image but
>it may be disruptive to a multi-user system. A solution may be to set the
>disk limit to, say, 1GB so that any image that exceeds the limit causes
>ImageMagick to exit. You can set a system-wide policy in recent releases of
>ImageMagick. Just edit policy.xml.
URL:
http://support.novell.com/security/cve/CVE-2008-3134.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3134
We will therefore close this bug report, if nobody disagrees.
Thanks
Bastien
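
An added example, not part of the original message or of ImageMagick: a small audit of a policy.xml for the disk resource limit the quoted upstream reply recommends. The two sample policies are constructed, the function names are hypothetical, and the unit handling (decimal prefixes as powers of 1000, "i" prefixes as powers of 1024) is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample policy.xml contents (not from the thread): one without a
# disk limit, one carrying the 1GB disk limit suggested in the quoted reply.
UNLIMITED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
</policymap>"""

LIMITED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="disk" value="1GB"/>
</policymap>"""

# Assumption: decimal prefixes are powers of 1000, "i" prefixes powers of 1024.
_UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
          "KI": 2**10, "MI": 2**20, "GI": 2**30, "TI": 2**40}

def parse_size(text):
    """Convert a value such as '1GB' or '256MiB' to bytes; None if unparseable."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KMGT]i?)?B?\s*", text, re.IGNORECASE)
    if not m:
        return None
    return int(float(m.group(1)) * _UNITS[(m.group(2) or "").upper()])

def resource_limits(policy_xml):
    """Return {name: parsed value} for every <policy domain="resource"> entry."""
    limits = {}
    for p in ET.fromstring(policy_xml).iter("policy"):
        if p.get("domain") == "resource" and p.get("name") and p.get("value"):
            limits[p.get("name")] = parse_size(p.get("value"))
    return limits

def audit_disk_limit(policy_xml, ceiling=10**9):
    """Report whether a disk limit exists and does not exceed `ceiling` bytes."""
    disk = resource_limits(policy_xml).get("disk")
    if disk is None:
        return "FAIL: no usable disk limit; large images can fill the disk"
    if disk > ceiling:
        return f"FAIL: disk limit {disk} exceeds ceiling {ceiling}"
    return f"OK: disk limit {disk} bytes"

if __name__ == "__main__":
    for label, xml in (("unlimited", UNLIMITED_POLICY), ("limited", LIMITED_POLICY)):
        print(label, "->", audit_disk_limit(xml))
```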