List: horde-announce
Subject: [announce] [SECURITY] RCE vulnerability in Horde_Image
From: Jan Schneider <jan () horde ! org>
Date: 2017-09-21 14:08:41
Message-ID: 20170921140841.Horde.g11oCdaEk30S7g2GrSzryBz () neo ! fritz ! box
Hello,

a Remote Code Execution vulnerability has been found in the
Horde_Image library when using the "Im" backend that utilizes
ImageMagick's "convert" utility. It's not exploitable through any
Horde application, because the code path to the vulnerability is not
used by any Horde code. Custom applications using the Horde_Image
library might be affected though. This vulnerability affects all
versions of Horde_Image from 2.0.0 to 2.5.1.

A fixed version of the Horde_Image (version 2.5.2) library has already
been released and everybody is advised to upgrade to Horde_Image 2.5.2
as soon as possible.

Thanks to long-time contributor and supporter Thomas Jarosch
<thomas.jarosch@intra2net.com> for discovering and reporting these
vulnerabilities.

--
Jan Schneider
The Horde Project
https://www.horde.org/