lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JMUzG-0004aL-9V@artemis.annvix.ca>
Date: Tue, 05 Feb 2008 14:05:50 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:035 ] - Updated libcdio packages fix
	DoS vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:035
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : February 5, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple vulnerabilities were discovered in the image decoders
 of ImageMagick.  If a user or automated system were tricked into
 processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote
 attacker could execute arbitrary code with user privileges.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 f769a6e9cdaac75d8e32961ccb00ff08  2007.0/i586/ImageMagick-6.2.9.2-1.4mdv2007.0.i586.rpm
 da4ba75fb9c4ce748aca5c9d4a981ccf  2007.0/i586/ImageMagick-doc-6.2.9.2-1.4mdv2007.0.i586.rpm
 3f000b9bb25826f2feb3271bee45e241  2007.0/i586/libMagick10.4.0-6.2.9.2-1.4mdv2007.0.i586.rpm
 43dc08b50caa2d774fbf1a47056323cd  2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.4mdv2007.0.i586.rpm
 ecb1d36c15ded5e24c58e5d2f004a18f  2007.0/i586/perl-Image-Magick-6.2.9.2-1.4mdv2007.0.i586.rpm 
 66d2627c18ac1f9739f9f1cbac1c704d  2007.0/SRPMS/ImageMagick-6.2.9.2-1.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 093827d07248a9184058e58a9326adb4  2007.0/x86_64/ImageMagick-6.2.9.2-1.4mdv2007.0.x86_64.rpm
 41eb637b1d74bc2fdd13d74be6b4d2d6  2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.4mdv2007.0.x86_64.rpm
 6eb92f4086601fe1bd59c5c78d5212cf  2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.4mdv2007.0.x86_64.rpm
 904ab438361927b82cd1af3a2edb5689  2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.4mdv2007.0.x86_64.rpm
 a52a71857fbd66eb3286cc02fc53ceba  2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.4mdv2007.0.x86_64.rpm 
 66d2627c18ac1f9739f9f1cbac1c704d  2007.0/SRPMS/ImageMagick-6.2.9.2-1.4mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 048397265fe15565c0017f46c6edf59f  2007.1/i586/ImageMagick-6.3.2.9-5.2mdv2007.1.i586.rpm
 f35159f3d0b135bacca7948c8560a976  2007.1/i586/ImageMagick-desktop-6.3.2.9-5.2mdv2007.1.i586.rpm
 421efc4f8d766e65892058a602538698  2007.1/i586/ImageMagick-doc-6.3.2.9-5.2mdv2007.1.i586.rpm
 f7bb2a7b08af7b6e6d9a1c6f64b90a51  2007.1/i586/libMagick10.7.0-6.3.2.9-5.2mdv2007.1.i586.rpm
 8959a9c4e68049dc11d8f5af614055f1  2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.2mdv2007.1.i586.rpm
 bd892771691fe93dc08820d61764ef8e  2007.1/i586/perl-Image-Magick-6.3.2.9-5.2mdv2007.1.i586.rpm 
 8fbaab01832215fa6c55ca40ea57d98c  2007.1/SRPMS/ImageMagick-6.3.2.9-5.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 f518fb3ba0af963c13a2723765d4d1e4  2007.1/x86_64/ImageMagick-6.3.2.9-5.2mdv2007.1.x86_64.rpm
 d038a575f0ec1be2c97d0095a1a38dd4  2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.2mdv2007.1.x86_64.rpm
 cc1ca9ea5aeb07ffceec2970ce627393  2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.2mdv2007.1.x86_64.rpm
 a3056ce5a6817d11066125dd604a3846  2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.2mdv2007.1.x86_64.rpm
 87e413f954c9f2e867474ad71bb2f521  2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.2mdv2007.1.x86_64.rpm
 6081067fd5937390438f880e5f8843b9  2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.2mdv2007.1.x86_64.rpm 
 8fbaab01832215fa6c55ca40ea57d98c  2007.1/SRPMS/ImageMagick-6.3.2.9-5.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 5e253c5a9f2ceeb0a397994fd26e3b8e  2008.0/i586/imagemagick-6.3.2.9-10.1mdv2008.0.i586.rpm
 0eb353c910f330df4c17d82110040b12  2008.0/i586/imagemagick-desktop-6.3.2.9-10.1mdv2008.0.i586.rpm
 d6ba647366c29e3245bc66e0550e3100  2008.0/i586/imagemagick-doc-6.3.2.9-10.1mdv2008.0.i586.rpm
 b40f88ecdead9517de2c686ba1dc855a  2008.0/i586/libmagick10.7.0-6.3.2.9-10.1mdv2008.0.i586.rpm
 2020fd650d271491e4f344981e3e84d5  2008.0/i586/libmagick10.7.0-devel-6.3.2.9-10.1mdv2008.0.i586.rpm
 2078c6820e4a1c8af6894c28a5c424d4  2008.0/i586/perl-Image-Magick-6.3.2.9-10.1mdv2008.0.i586.rpm 
 430b9b4d9374492a1f0068b78f041c46  2008.0/SRPMS/imagemagick-6.3.2.9-10.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 0dde61805f006af26c8bf2bc320cddae  2008.0/x86_64/imagemagick-6.3.2.9-10.1mdv2008.0.x86_64.rpm
 07babdb0e17dce223cd023bad4166d2b  2008.0/x86_64/imagemagick-desktop-6.3.2.9-10.1mdv2008.0.x86_64.rpm
 eb2df961e28bb15c98c30cf5a0f4ab01  2008.0/x86_64/imagemagick-doc-6.3.2.9-10.1mdv2008.0.x86_64.rpm
 a22e5bba3bb66065dc1fd09d27a7f324  2008.0/x86_64/lib64magick10.7.0-6.3.2.9-10.1mdv2008.0.x86_64.rpm
 4cce42552072df0aa696d5e1d98dc213  2008.0/x86_64/lib64magick10.7.0-devel-6.3.2.9-10.1mdv2008.0.x86_64.rpm
 0ec8f9a07e18ba0a6395b18d339a2a28  2008.0/x86_64/perl-Image-Magick-6.3.2.9-10.1mdv2008.0.x86_64.rpm 
 430b9b4d9374492a1f0068b78f041c46  2008.0/SRPMS/imagemagick-6.3.2.9-10.1mdv2008.0.src.rpm

 Corporate 4.0:
 ed22991a08651166805a9e00938586fe  corporate/4.0/i586/ImageMagick-6.2.4.3-1.7.20060mlcs4.i586.rpm
 f73279eadd464e2d089b8394c3aa9a54  corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.7.20060mlcs4.i586.rpm
 8ea866751752961c60e9fb82ce3cdeae  corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.7.20060mlcs4.i586.rpm
 103f2da262a27b881ca83d24d8997a86  corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.7.20060mlcs4.i586.rpm
 08f572996f4c715f2bdf6f5bd033421a  corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.7.20060mlcs4.i586.rpm 
 d841ebc639506e8f5a0b5b3a8153ce1e  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.7.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f5c88607734d7b484f2b986a72b6d017  corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.7.20060mlcs4.x86_64.rpm
 87955e8efd35b03cc9d0c1164af95d50  corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.7.20060mlcs4.x86_64.rpm
 2dc943577a1e403ca21630b314cc2ae3  corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.7.20060mlcs4.x86_64.rpm
 4d9946aed6d478d7010d4df0be341a6c  corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.7.20060mlcs4.x86_64.rpm
 35203cd22455058ef71d0bb2cdd85ad3  corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.7.20060mlcs4.x86_64.rpm 
 d841ebc639506e8f5a0b5b3a8153ce1e  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.7.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHqKRtmqjQ0CJFipgRAkxWAJsEU3Unei2S1KERdXveRi5AvKfv+QCgjJbL
edrPn6Pt9si2fUOk5TVr92I=
=H18V
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ