Note: This is an archival copy of Security Sun Alert 201006 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000758.1. |
Category Security Release Phase Resolved 5103546 Date of Resolved Release 20-SEP-2004 Impact Due to multiple vulnerabilities in ImageMagick(1), a remote unprivileged user may be able to execute arbitrary code with the privileges of a local user if that local user uses one of the ImageMagick(1) tools to load a bitmap (.bmp) format image file or an Audio Video Interleave (AVI) movie supplied by an untrusted remote user. Note: ImageMagick(1) provides a suite of command-line utilities for creating, converting, editing, and displaying images. These issues are described in the following document:
Contributing Factors These issues can occur in the following releases: Linux Platform
Note: JDS for Solaris is not impacted by these issues. The described issues only occur with ImageMagick versions ImageMagick-5.4.7-269 or earlier. To determine the release of JDS for Linux installed on a system, the following command can be run: % cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004 To determine the version of ImageMagick, the following command can be run: % rpm -qf /usr/bin/animate ImageMagick-5.4.7-269 Symptoms There are no reliable symptoms that would indicate the described issues have been exploited. Workaround There is no workaround. Please see the "Resolution" section below. Resolution These issues are addressed in the following releases: Linux Platform
To download and install the updated RPMs from the update servers select the following from the launch bar: Launch >> Applications >> System Tools >> Online Update For more information on obtaining updates see:
Modification History Product Sun Java Desktop System Release 2 Attachments This solution has no attachment |
|