Executive Summary
Summary | |
---|---|
Title | ImageMagick: Security hardening |
Informations | |||
---|---|---|---|
Name | GLSA-201810-04 | First vendor Publication | 2018-10-06 |
Vendor | Gentoo | Last vendor Modification | 2018-10-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Due to multiple vulnerabilities in various coders used by ImageMagick, Gentoo Linux now installs a policy.xml file which will restrict coder usage by default. Background Description Due to multiple -dSAFER sandbox bypass vulnerabilities in Ghostscript, this can lead to arbitrary code execution. To mitigate this problem we install a policy.xml file by default which will disable PS, EPS, PDF, and XPS coders. Impact Workaround Resolution All ImageMagick 7 users should upgrade to the latest version: References Availability https://security.gentoo.org/glsa/201810-04 |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201810-04.xml |
Alert History
Date | Informations |
---|---|
2018-10-06 21:19:22 |
|