Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:099 ] - Updated ImageMagick packages fix vulnerabilities

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1210290367-11275-4170

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:099

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : ImageMagick

Date : May 8, 2008

Affected: 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

A heap-based buffer overflow vulnerability was found in how ImageMagick

parsed XCF files. If ImageMagick opened a specially-crafted XCF

file, it could be made to overwrite heap memory beyond the bounds

of its allocated memory, potentially allowing an attacker to execute

arbitrary code on the system running ImageMagick (CVE-2008-1096).

 

Another heap-based buffer overflow vulnerability was found in how

ImageMagick processed certain malformed PCX images. If ImageMagick

opened a specially-crafted PCX image file, an attacker could

possibly execute arbitrary code on the system running ImageMagick

(CVE-2008-1097).

 

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2007.1:

5c343e4a38145052acaa6f7cfbf65470 2007.1/i586/ImageMagick-6.3.2.9-5.3mdv2007.1.i586.rpm

8f586df7e7f59d6829cf8da2a6a96768 2007.1/i586/ImageMagick-desktop-6.3.2.9-5.3mdv2007.1.i586.rpm

99acce7190811154ac4155d13a474952 2007.1/i586/ImageMagick-doc-6.3.2.9-5.3mdv2007.1.i586.rpm

256039dbb959ca52c20e3ccd3c767200 2007.1/i586/libMagick10.7.0-6.3.2.9-5.3mdv2007.1.i586.rpm

4ed1bc7689320883bc3851964dd93f6e 2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.3mdv2007.1.i586.rpm

718f0b54d11a64c427dac3a0f2bb0a15 2007.1/i586/perl-Image-Magick-6.3.2.9-5.3mdv2007.1.i586.rpm

d45ab92b743be9d7d22e120b07128f25 2007.1/SRPMS/ImageMagick-6.3.2.9-5.3mdv2007.1.src.rpm

 

Mandriva Linux 2007.1/X86_64:

7e8b46d79a519fcebc8930b61392143d 2007.1/x86_64/ImageMagick-6.3.2.9-5.3mdv2007.1.x86_64.rpm

c739fb4cbbcb9bbadcdd68c79b5f5425 2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.3mdv2007.1.x86_64.rpm

974fb348334f8a9384bed245a9f0c056 2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.3mdv2007.1.x86_64.rpm

7fa5dd64af4d9036d67c73c42f023bf8 2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.3mdv2007.1.x86_64.rpm

685dc0561721023679e70850017063b6 2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.3mdv2007.1.x86_64.rpm

3f23b06af576723010e1e29a2f53456c 2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.3mdv2007.1.x86_64.rpm

d45ab92b743be9d7d22e120b07128f25 2007.1/SRPMS/ImageMagick-6.3.2.9-5.3mdv2007.1.src.rpm

 

Mandriva Linux 2008.0:

76ff914d1d7c5338039604e5e30a811d 2008.0/i586/imagemagick-6.3.2.9-10.2mdv2008.0.i586.rpm

f0f828beb3f101538c8b7d781b625313 2008.0/i586/imagemagick-desktop-6.3.2.9-10.2mdv2008.0.i586.rpm

86680d1b420b813788b030e9b11048df 2008.0/i586/imagemagick-doc-6.3.2.9-10.2mdv2008.0.i586.rpm

10e7ee59358a89f38416b2b8c1c9d2db 2008.0/i586/libmagick10.7.0-6.3.2.9-10.2mdv2008.0.i586.rpm

b0d004fa9ec737f872d8fe85133f3038 2008.0/i586/libmagick10.7.0-devel-6.3.2.9-10.2mdv2008.0.i586.rpm

3cce517ca16148cdc8da2826d410bac7 2008.0/i586/perl-Image-Magick-6.3.2.9-10.2mdv2008.0.i586.rpm

4a15317646fadc9b1fd4b6373378f341 2008.0/SRPMS/imagemagick-6.3.2.9-10.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

3afdcff734b0e810557ce905c0096f12 2008.0/x86_64/imagemagick-6.3.2.9-10.2mdv2008.0.x86_64.rpm

4491fbacf3a62c0062b5bde4cad4faeb 2008.0/x86_64/imagemagick-desktop-6.3.2.9-10.2mdv2008.0.x86_64.rpm

c10b2dc3a3a84cb52c8aa9e3e836516f 2008.0/x86_64/imagemagick-doc-6.3.2.9-10.2mdv2008.0.x86_64.rpm

653023e0e5b1c77cf0d006d48aba56ab 2008.0/x86_64/lib64magick10.7.0-6.3.2.9-10.2mdv2008.0.x86_64.rpm

1bcaa89265594bd25987e206b8b93d10 2008.0/x86_64/lib64magick10.7.0-devel-6.3.2.9-10.2mdv2008.0.x86_64.rpm

cbd5ec0c0036d3fa91edf9dedb11654a 2008.0/x86_64/perl-Image-Magick-6.3.2.9-10.2mdv2008.0.x86_64.rpm

4a15317646fadc9b1fd4b6373378f341 2008.0/SRPMS/imagemagick-6.3.2.9-10.2mdv2008.0.src.rpm

 

Corporate 3.0:

eac575a0d1b629fce26e1080172f1df7 corporate/3.0/i586/ImageMagick-5.5.7.15-6.12.C30mdk.i586.rpm

9dc85c5ba6b1d868194d6a11334bd11f corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.12.C30mdk.i586.rpm

a67036628e4f7fcc1efaf147d634b368 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.12.C30mdk.i586.rpm

a4d1b91cbe7af5dde9ee718a4926ec32 corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.12.C30mdk.i586.rpm

c87a0ddb81d2451ed8936d469ebdc42e corporate/3.0/i586/perl-Magick-5.5.7.15-6.12.C30mdk.i586.rpm

3ec1a7f38dc1649a00b5be9dc33032d8 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.12.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

62dd94a60dd36aa41a563f6a4b44c99e corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.12.C30mdk.x86_64.rpm

0fb3d7356e29541c2599c036d1c179e9 corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.12.C30mdk.x86_64.rpm

abb02f8ebf0934c85c8eaa9be444220d corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.12.C30mdk.x86_64.rpm

7683bf5df9f9714da46888aac09e7ab0 corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.12.C30mdk.x86_64.rpm

044958de60e380aeb517e4b2c6c12f2d corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.12.C30mdk.x86_64.rpm

3ec1a7f38dc1649a00b5be9dc33032d8 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.12.C30mdk.src.rpm

 

Corporate 4.0:

d8af8ee9a244747f8c0b55bbf1e26816 corporate/4.0/i586/ImageMagick-6.2.4.3-1.8.20060mlcs4.i586.rpm

5625077731edf203836da8666fbdd926 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.8.20060mlcs4.i586.rpm

6a5eaf0b48d86d4b51689337ec13fa08 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.8.20060mlcs4.i586.rpm

3a2d3ef19fd55ee42ad085a325a2a53c corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.8.20060mlcs4.i586.rpm

0fc00d98a663c675ea24b8d28962c0ab corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.8.20060mlcs4.i586.rpm

0bca1c450565a986f0924569e746a8ef corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.8.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

5ab4265ac6a5f910c8eac1dcab101467 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.8.20060mlcs4.x86_64.rpm

7a0b99c11f91dfd77af23ed991613d30 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.8.20060mlcs4.x86_64.rpm

d5d8f2e78a28b67f071d46fce441a073 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.8.20060mlcs4.x86_64.rpm

1cabba8d236359dba15d68e5a93e8b07 corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.8.20060mlcs4.x86_64.rpm

956b15c8e41087e0302816cd87ac9415 corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.8.20060mlcs4.x86_64.rpm

0bca1c450565a986f0924569e746a8ef corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.8.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFII2TumqjQ0CJFipgRAjqvAKCbE8dNeQAGwS/+9Q7uK679tIixOACg10FN

4UqN8kPEMw+hzAI+NJBPFTk=

=21B2

-----END PGP SIGNATURE-----

 

 

------------=_1210290367-11275-4170

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1210290367-11275-4170--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×