lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GqIYv-0000OS-CE@mercury.mandriva.com>
Date: Fri,  1 Dec 2006 17:17:01 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:223 ] - Updated ImageMagick packages
	fixes vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:223
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : December 1, 2006
 Affected: 2006.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2
 before 6.2.4.5, has unknown impact and user-assisted attack vectors via
 a crafted SGI image.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5868
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 df62dd8449b08426a4188d5959b3f823  2006.0/i586/ImageMagick-6.2.4.3-1.4.20060mdk.i586.rpm
 e87bbddff33171aae89d1d08400907a7  2006.0/i586/ImageMagick-doc-6.2.4.3-1.4.20060mdk.i586.rpm
 8755d8beabe9a85f3e7a07b73d071c59  2006.0/i586/libMagick8.4.2-6.2.4.3-1.4.20060mdk.i586.rpm
 2b6ae5e3b4c8e187e095442e7dcd5c24  2006.0/i586/libMagick8.4.2-devel-6.2.4.3-1.4.20060mdk.i586.rpm
 d7e61aa5943b52eb374b0a2e44232e93  2006.0/i586/perl-Image-Magick-6.2.4.3-1.4.20060mdk.i586.rpm 
 e5875ef8dd63237d5c7c74a441b123fc  2006.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 973d1bb7026248e93c9f1a16eba0cfaf  2006.0/x86_64/ImageMagick-6.2.4.3-1.4.20060mdk.x86_64.rpm
 ca759633ecf8ef52b1c34f55d5a3af6d  2006.0/x86_64/ImageMagick-doc-6.2.4.3-1.4.20060mdk.x86_64.rpm
 f65de07d50364a3c861f50ce6f11fee4  2006.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.4.20060mdk.x86_64.rpm
 c9e86c379bdfeb36e25bfd34e094b921  2006.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mdk.x86_64.rpm
 9d58fe1606d8f1f0f6a225df3ac58b48  2006.0/x86_64/perl-Image-Magick-6.2.4.3-1.4.20060mdk.x86_64.rpm 
 e5875ef8dd63237d5c7c74a441b123fc  2006.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mdk.src.rpm

 Corporate 3.0:
 fc15d48d236f0d1f738c795190081ddd  corporate/3.0/i586/ImageMagick-5.5.7.15-6.9.C30mdk.i586.rpm
 3ba801afddeb42759aebd891971b5fce  corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.9.C30mdk.i586.rpm
 35c8a337172b91501486381be4e0aa7d  corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.9.C30mdk.i586.rpm
 3273f233005c79adf0602ade443de675  corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.9.C30mdk.i586.rpm
 8dfce9d9e00005e990c1203c1144ac34  corporate/3.0/i586/perl-Magick-5.5.7.15-6.9.C30mdk.i586.rpm 
 3cf9bff07102ada97373a66c5f4c6e05  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0f8193fed5ac7b344398b9e99fe5bccb  corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.9.C30mdk.x86_64.rpm
 bdae28be1bcacf4f5bc6d9bdfa589cbd  corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.9.C30mdk.x86_64.rpm
 fa4a5fe3e447770c33ef0596da8570fb  corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.9.C30mdk.x86_64.rpm
 8af081adcd750d5edec44bf1e85e5c7d  corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.9.C30mdk.x86_64.rpm
 e238642447217ade5a772c4b12b492b3  corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.9.C30mdk.x86_64.rpm 
 3cf9bff07102ada97373a66c5f4c6e05  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.9.C30mdk.src.rpm

 Corporate 4.0:
 dde2f028a95732f3d5fd5bfd48ede727  corporate/4.0/i586/ImageMagick-6.2.4.3-1.4.20060mlcs4.i586.rpm
 6affed772cabdc8e8eb6e6ed96efb178  corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.4.20060mlcs4.i586.rpm
 426d44c76834a660ea48c09719048de2  corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.4.20060mlcs4.i586.rpm
 4cc0f80f0bbfdbc1c26a497f14e2dd0d  corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.4.20060mlcs4.i586.rpm
 9deab133788e00cf6487a057042c3ae0  corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.4.20060mlcs4.i586.rpm 
 0b75266159c73fcb8a0f7027d208bee2  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 283a0751148b3468bd3e2281d819f08d  corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
 48ee2e7835b97a89e27342c3a27db913  corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
 fad038ed56f886f4656302721a616578  corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
 17b7841d6459f0a52662f43d16f09771  corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
 dbcfd793204ead891cbf779c1075287e  corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.4.20060mlcs4.x86_64.rpm 
 0b75266159c73fcb8a0f7027d208bee2  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFcJi1mqjQ0CJFipgRAoCvAJ9sJwsy6KmxvLwFtEyFiCoLvVHIaACgj+2v
kI0mULDMWX7ydgtZ+bArC40=
=m55O
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ