lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GI5Iq-0002wB-NO@mercury.mandriva.com>
Date: Tue, 29 Aug 2006 09:15:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:155 ] - Updated ImageMagick packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:155
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : August 29, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted
 attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743)
 
 Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted
 attackers to execute arbitrary code via crafted Sun bitmap images that trigger
 heap-based buffer overflows. (CVE-2006-3744)
 
 Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 
 6.2.9 allows user-assisted attackers to cause a denial of service (crash) 
 and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) 
 columns, and (3) rows values, which trigger a heap-based buffer overflow. 
 (CVE-2006-4144)
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 f7c1f8c63d6e88a21cf040c27bc20115  2006.0/RPMS/ImageMagick-6.2.4.3-1.2.20060mdk.i586.rpm
 5b1279e63710439d5906452de7619baf  2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.2.20060mdk.i586.rpm
 ead63f1889e5f7ad14e07d229e6a51ff  2006.0/RPMS/libMagick8.4.2-6.2.4.3-1.2.20060mdk.i586.rpm
 af843e36e54d540b262be62c9dfc2213  2006.0/RPMS/libMagick8.4.2-devel-6.2.4.3-1.2.20060mdk.i586.rpm
 f6a11d5243521e59d4be1c4325c2a46a  2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.2.20060mdk.i586.rpm
 e4b6c31d3f78c27d07d1b933b26035d0  2006.0/SRPMS/ImageMagick-6.2.4.3-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 85730b9e08b041dd79afc26180f3ea64  x86_64/2006.0/RPMS/ImageMagick-6.2.4.3-1.2.20060mdk.x86_64.rpm
 a75ca1c0a7497d8618734fd1c805ec6c  x86_64/2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.2.20060mdk.x86_64.rpm
 69d40772b9caafa636a9645507d3e593  x86_64/2006.0/RPMS/lib64Magick8.4.2-6.2.4.3-1.2.20060mdk.x86_64.rpm
 b4cafa52cc359762b4986b78dcaf9556  x86_64/2006.0/RPMS/lib64Magick8.4.2-devel-6.2.4.3-1.2.20060mdk.x86_64.rpm
 b3e2b141c626282a7ea075e64bb6b93c  x86_64/2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.2.20060mdk.x86_64.rpm
 e4b6c31d3f78c27d07d1b933b26035d0  x86_64/2006.0/SRPMS/ImageMagick-6.2.4.3-1.2.20060mdk.src.rpm

 Corporate 3.0:
 ebb56345796498b2df38fc7559fce769  corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.7.C30mdk.i586.rpm
 8d4ed101a407ed9aca298a5e3085745d  corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.7.C30mdk.i586.rpm
 56c80a65cc5b31d4c8dcdae47c56ba57  corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.7.C30mdk.i586.rpm
 4ee186d6f9d004296e530a4f8f298f22  corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.7.C30mdk.i586.rpm
 d9797b8c80c4527f8b41b2be56b3cb63  corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.7.C30mdk.i586.rpm
 45d71f01651307e4768274e80f72ecfa  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 19df6c6601c45fa3774c204e3fd25ba3  x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.7.C30mdk.x86_64.rpm
 473b57f63e9244de8697b48909f98274  x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.7.C30mdk.x86_64.rpm
 bde18af5f59aacf8856b9cc90713e6be  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.7.C30mdk.x86_64.rpm
 dcfc5557a3ebf09ceee49311057021e5  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.7.C30mdk.x86_64.rpm
 6ef9639f8af9e32a9d09a7916a20736c  x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.7.C30mdk.x86_64.rpm
 45d71f01651307e4768274e80f72ecfa  x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE9C0EmqjQ0CJFipgRAmz1AJ4sNhz6tRHJcjCD/RPjAep0Zixo+ACfdH1c
cjCyOOO7ypteNoVP4tsiDHM=
=nr99
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ