Message-Id: <E1Mw67E-0003EW-Rv@titan.mandriva.com>
Date: Fri, 09 Oct 2009 05:26:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:260 ] imagemagick


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:260
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : imagemagick
 Date    : August 8, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 An integer overflow has been found and corrected in the XMakeImage
 function in magick/xwindow.c of ImageMagick. It allows remote
 attackers to cause a denial of service (crash) and possibly execute
 arbitrary code via a crafted TIFF file, which triggers a buffer
 overflow (CVE-2009-1882).
 
 This update fixes this vulnerability.
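
 Added illustration, not part of the Mandriva advisory and not
 ImageMagick's code: the bug class named above, where an image size
 computed in fixed-width arithmetic wraps and a buffer sized from the
 wrapped value is too small, next to a checked computation. The function
 names, the 32-bit fields and the 256 MiB cap are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form (hypothetical): the product wraps modulo 2^32, so huge
 * header dimensions can yield a small allocation size. */
static uint32_t pixel_bytes_unchecked(uint32_t columns, uint32_t rows,
                                      uint32_t bytes_per_pixel)
{
    return columns * rows * bytes_per_pixel;
}

/* Checked form (hypothetical): every multiplication is validated before
 * it happens, and the result is bounded by a caller-supplied cap.
 * Returns 0 and stores the size in *out, or -1 if the image is rejected. */
static int pixel_bytes_checked(uint32_t columns, uint32_t rows,
                               uint32_t bytes_per_pixel,
                               size_t max_bytes, size_t *out)
{
    size_t pixels, bytes;

    if (columns == 0 || rows == 0 || bytes_per_pixel == 0)
        return -1;
    if (columns > SIZE_MAX / rows)           /* columns * rows would wrap */
        return -1;
    pixels = (size_t)columns * rows;
    if (pixels > SIZE_MAX / bytes_per_pixel) /* pixels * bpp would wrap */
        return -1;
    bytes = pixels * bytes_per_pixel;
    if (bytes > max_bytes)                   /* resource limit */
        return -1;
    *out = bytes;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: the true size is about 16 GiB. */
    uint32_t columns = 0x10001u, rows = 0x10000u, bpp = 4u;
    size_t cap = (size_t)256 << 20, n = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)pixel_bytes_unchecked(columns, rows, bpp));
    printf("checked result: %d\n",
           pixel_bytes_checked(columns, rows, bpp, cap, &n));
    return 0;
}
```

 The unchecked size is far smaller than the pixel data the dimensions
 describe, which is how a write loop driven by those dimensions runs
 past the end of the buffer.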
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKzn36mqjQ0CJFipgRAm1oAJ4/rmywtwmIUNsUAL6JwlHTXMkUFgCg2jZ2
z3CtOJKMPXSkoU0jFrEETgU=
=CJdS
-----END PGP SIGNATURE-----
