Message-id: <E1IC336-0007AK-Ki@artemis.annvix.ca>
Date: Fri, 20 Jul 2007 18:42:20 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:147 ] - Updated ImageMagick packages
 fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:147
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : July 20, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered in how ImageMagick handles
 DCM and XWD image files.  If a user were tricked into processing a
 specially crafted image file with an application that uses ImageMagick,
 an attacker could cause a heap-based buffer overflow and possibly
 execute arbitrary code with the user's privileges.
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 343587ddd298b9dfb7dc6c5caecb70d0  2007.0/i586/ImageMagick-6.2.9.2-1.3mdv2007.0.i586.rpm
 fcce307ef73994175a3d51137266a6af  2007.0/i586/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.i586.rpm
 64bd268c6592b10f44adc22c16c8034b  2007.0/i586/libMagick10.4.0-6.2.9.2-1.3mdv2007.0.i586.rpm
 83bdd365ddaebdeba93669741053d998  2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.3mdv2007.0.i586.rpm
 da2075d33957e1cfd48bca48e6045366  2007.0/i586/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.i586.rpm 
 9475b65f0389811d6d24b4afb5d1f0f7  2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 96bdffd605ca39d1dc0a679cef1ac7fc  2007.0/x86_64/ImageMagick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 6889ad0d3b9b99744f4e3d245fa09a94  2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 3d58aa4195fcb658853bd515103e9434  2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 5eddebd9cae0bf6e9aedf8542e880ae1  2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 290cd11e7d80cc96cf633c12aa0907ce  2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.x86_64.rpm 
 9475b65f0389811d6d24b4afb5d1f0f7  2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 eb87e7c334209c8684a1b67445720fd7  2007.1/i586/ImageMagick-6.3.2.9-5.1mdv2007.1.i586.rpm
 3ae9d9d49b46f327efbcf35967700011  2007.1/i586/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.i586.rpm
 729b308b20fa3fdf18e262a4da4092d8  2007.1/i586/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.i586.rpm
 174bd6a073bc802246d6e97b1995174e  2007.1/i586/libMagick10.7.0-6.3.2.9-5.1mdv2007.1.i586.rpm
 ffe8d8e96f27eb2b5767f587c03d1c3f  2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.1mdv2007.1.i586.rpm
 94b7c633860dca3e15f6f93b9690bc06  2007.1/i586/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.i586.rpm 
 8d70c1afadd634d2e3b618b14b79efbf  2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 2321dfeec60cd7aa9d10e4b2d3e95c15  2007.1/x86_64/ImageMagick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 3cab45fe3f4f5d122645de4fe1bf9c03  2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 03b60841608c2ccb09f97befca901906  2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 209cc68583cc4daf0fa9ebd425c94007  2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 edcf84ea5290d2e92ddc2e2cd1f21a03  2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 43ba4dd5a323036259b1b5fdecc2076b  2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.x86_64.rpm 
 8d70c1afadd634d2e3b618b14b79efbf  2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm

 Corporate 3.0:
 16813a44dac74871a5db809ce9f9e002  corporate/3.0/i586/ImageMagick-5.5.7.15-6.11.C30mdk.i586.rpm
 57b4e7c0600b065753442c4b5e221b20  corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.11.C30mdk.i586.rpm
 0cc167ebf831e7480ae074bd16c15b75  corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.11.C30mdk.i586.rpm
 25f93102616d5e30e97c145f13a35726  corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.11.C30mdk.i586.rpm
 60e2ad207a60aaa172f4e3d0f024c122  corporate/3.0/i586/perl-Magick-5.5.7.15-6.11.C30mdk.i586.rpm 
 14bc8952ce20fd3849f80b1e78f7043c  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 593bbef64a1dd8be7dff37021a504812  corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.11.C30mdk.x86_64.rpm
 7b9998a9e7f0f653aa57db89c27cb15b  corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.11.C30mdk.x86_64.rpm
 6c7492a96b986962b8f8f9f7925bde8d  corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.11.C30mdk.x86_64.rpm
 22f51cc5c770c95958f5e3c344748f5c  corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.11.C30mdk.x86_64.rpm
 aefed15ea641344181dddd4ec35752c0  corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.11.C30mdk.x86_64.rpm 
 14bc8952ce20fd3849f80b1e78f7043c  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm

 Corporate 4.0:
 95973160bd68a3aed051806372901781  corporate/4.0/i586/ImageMagick-6.2.4.3-1.6.20060mlcs4.i586.rpm
 abde3c8490d43ae6420d0d9956f2aee5  corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.i586.rpm
 b6d7c4e7eb3129d9dd7a54fb01ef8092  corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.6.20060mlcs4.i586.rpm
 d84c750f874a5208012029e3583cb9e4  corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.i586.rpm
 f675bf9dca0952142beb708f4810b9c7  corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.i586.rpm 
 a875a3e81ed37bd88099a44f40f9cb56  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 932916789e755403722596bc6ff5db77  corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 4450c7359f47f2dd7bc6792ede57a4e2  corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 90666c9e1ed0ac69283ca78892f621ab  corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 b55e2d4e7bea0f4f6c7ff76cb7cf5b7b  corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 c2e233ddc77013d62169ea4cb4a1d56f  corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm 
 a875a3e81ed37bd88099a44f40f9cb56  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGoSrZmqjQ0CJFipgRAtMxAJ9M8C7e4HWz1dumgv8FLsGKJVKCmwCg39ku
W9krF68ToP8F3PwDJxnUjas=
=SyYs
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
