lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JuFnI-0001CN-H2@titan.mandriva.com>
Date: Thu, 08 May 2008 17:45:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:099 ] - Updated ImageMagick packages
	fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:099
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : May 8, 2008
 Affected: 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A heap-based buffer overflow vulnerability was found in how ImageMagick
 parsed XCF files.  If ImageMagick opened a specially-crafted XCF
 file, it could be made to overwrite heap memory beyond the bounds
 of its allocated memory, potentially allowing an attacker to execute
 arbitrary code on the system running ImageMagick (CVE-2008-1096).
 
 Another heap-based buffer overflow vulnerability was found in how
 ImageMagick processed certain malformed PCX images.  If ImageMagick
 opened a specially-crafted PCX image file, an attacker could
 possibly execute arbitrary code on the system running ImageMagick
 (CVE-2008-1097).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 5c343e4a38145052acaa6f7cfbf65470  2007.1/i586/ImageMagick-6.3.2.9-5.3mdv2007.1.i586.rpm
 8f586df7e7f59d6829cf8da2a6a96768  2007.1/i586/ImageMagick-desktop-6.3.2.9-5.3mdv2007.1.i586.rpm
 99acce7190811154ac4155d13a474952  2007.1/i586/ImageMagick-doc-6.3.2.9-5.3mdv2007.1.i586.rpm
 256039dbb959ca52c20e3ccd3c767200  2007.1/i586/libMagick10.7.0-6.3.2.9-5.3mdv2007.1.i586.rpm
 4ed1bc7689320883bc3851964dd93f6e  2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.3mdv2007.1.i586.rpm
 718f0b54d11a64c427dac3a0f2bb0a15  2007.1/i586/perl-Image-Magick-6.3.2.9-5.3mdv2007.1.i586.rpm 
 d45ab92b743be9d7d22e120b07128f25  2007.1/SRPMS/ImageMagick-6.3.2.9-5.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 7e8b46d79a519fcebc8930b61392143d  2007.1/x86_64/ImageMagick-6.3.2.9-5.3mdv2007.1.x86_64.rpm
 c739fb4cbbcb9bbadcdd68c79b5f5425  2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.3mdv2007.1.x86_64.rpm
 974fb348334f8a9384bed245a9f0c056  2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.3mdv2007.1.x86_64.rpm
 7fa5dd64af4d9036d67c73c42f023bf8  2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.3mdv2007.1.x86_64.rpm
 685dc0561721023679e70850017063b6  2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.3mdv2007.1.x86_64.rpm
 3f23b06af576723010e1e29a2f53456c  2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.3mdv2007.1.x86_64.rpm 
 d45ab92b743be9d7d22e120b07128f25  2007.1/SRPMS/ImageMagick-6.3.2.9-5.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 76ff914d1d7c5338039604e5e30a811d  2008.0/i586/imagemagick-6.3.2.9-10.2mdv2008.0.i586.rpm
 f0f828beb3f101538c8b7d781b625313  2008.0/i586/imagemagick-desktop-6.3.2.9-10.2mdv2008.0.i586.rpm
 86680d1b420b813788b030e9b11048df  2008.0/i586/imagemagick-doc-6.3.2.9-10.2mdv2008.0.i586.rpm
 10e7ee59358a89f38416b2b8c1c9d2db  2008.0/i586/libmagick10.7.0-6.3.2.9-10.2mdv2008.0.i586.rpm
 b0d004fa9ec737f872d8fe85133f3038  2008.0/i586/libmagick10.7.0-devel-6.3.2.9-10.2mdv2008.0.i586.rpm
 3cce517ca16148cdc8da2826d410bac7  2008.0/i586/perl-Image-Magick-6.3.2.9-10.2mdv2008.0.i586.rpm 
 4a15317646fadc9b1fd4b6373378f341  2008.0/SRPMS/imagemagick-6.3.2.9-10.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 3afdcff734b0e810557ce905c0096f12  2008.0/x86_64/imagemagick-6.3.2.9-10.2mdv2008.0.x86_64.rpm
 4491fbacf3a62c0062b5bde4cad4faeb  2008.0/x86_64/imagemagick-desktop-6.3.2.9-10.2mdv2008.0.x86_64.rpm
 c10b2dc3a3a84cb52c8aa9e3e836516f  2008.0/x86_64/imagemagick-doc-6.3.2.9-10.2mdv2008.0.x86_64.rpm
 653023e0e5b1c77cf0d006d48aba56ab  2008.0/x86_64/lib64magick10.7.0-6.3.2.9-10.2mdv2008.0.x86_64.rpm
 1bcaa89265594bd25987e206b8b93d10  2008.0/x86_64/lib64magick10.7.0-devel-6.3.2.9-10.2mdv2008.0.x86_64.rpm
 cbd5ec0c0036d3fa91edf9dedb11654a  2008.0/x86_64/perl-Image-Magick-6.3.2.9-10.2mdv2008.0.x86_64.rpm 
 4a15317646fadc9b1fd4b6373378f341  2008.0/SRPMS/imagemagick-6.3.2.9-10.2mdv2008.0.src.rpm

 Corporate 3.0:
 eac575a0d1b629fce26e1080172f1df7  corporate/3.0/i586/ImageMagick-5.5.7.15-6.12.C30mdk.i586.rpm
 9dc85c5ba6b1d868194d6a11334bd11f  corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.12.C30mdk.i586.rpm
 a67036628e4f7fcc1efaf147d634b368  corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.12.C30mdk.i586.rpm
 a4d1b91cbe7af5dde9ee718a4926ec32  corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.12.C30mdk.i586.rpm
 c87a0ddb81d2451ed8936d469ebdc42e  corporate/3.0/i586/perl-Magick-5.5.7.15-6.12.C30mdk.i586.rpm 
 3ec1a7f38dc1649a00b5be9dc33032d8  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 62dd94a60dd36aa41a563f6a4b44c99e  corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.12.C30mdk.x86_64.rpm
 0fb3d7356e29541c2599c036d1c179e9  corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.12.C30mdk.x86_64.rpm
 abb02f8ebf0934c85c8eaa9be444220d  corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.12.C30mdk.x86_64.rpm
 7683bf5df9f9714da46888aac09e7ab0  corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.12.C30mdk.x86_64.rpm
 044958de60e380aeb517e4b2c6c12f2d  corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.12.C30mdk.x86_64.rpm 
 3ec1a7f38dc1649a00b5be9dc33032d8  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.12.C30mdk.src.rpm

 Corporate 4.0:
 d8af8ee9a244747f8c0b55bbf1e26816  corporate/4.0/i586/ImageMagick-6.2.4.3-1.8.20060mlcs4.i586.rpm
 5625077731edf203836da8666fbdd926  corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.8.20060mlcs4.i586.rpm
 6a5eaf0b48d86d4b51689337ec13fa08  corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.8.20060mlcs4.i586.rpm
 3a2d3ef19fd55ee42ad085a325a2a53c  corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.8.20060mlcs4.i586.rpm
 0fc00d98a663c675ea24b8d28962c0ab  corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.8.20060mlcs4.i586.rpm 
 0bca1c450565a986f0924569e746a8ef  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5ab4265ac6a5f910c8eac1dcab101467  corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.8.20060mlcs4.x86_64.rpm
 7a0b99c11f91dfd77af23ed991613d30  corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.8.20060mlcs4.x86_64.rpm
 d5d8f2e78a28b67f071d46fce441a073  corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.8.20060mlcs4.x86_64.rpm
 1cabba8d236359dba15d68e5a93e8b07  corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.8.20060mlcs4.x86_64.rpm
 956b15c8e41087e0302816cd87ac9415  corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.8.20060mlcs4.x86_64.rpm 
 0bca1c450565a986f0924569e746a8ef  corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.8.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFII2TumqjQ0CJFipgRAjqvAKCbE8dNeQAGwS/+9Q7uK679tIixOACg10FN
4UqN8kPEMw+hzAI+NJBPFTk=
=21B2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ