Message-Id: <E1Mw67E-0003EW-Rv@titan.mandriva.com>
Date: Fri, 09 Oct 2009 05:26:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:260 ] imagemagick
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:260
http://www.mandriva.com/security/
_______________________________________________________________________
Package : imagemagick
Date : August 8, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
An integer overflow has been found and corrected in the XMakeImage
function in magick/xwindow.c in ImageMagick. It allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted TIFF file, which triggers a buffer
overflow (CVE-2009-1882).
This update fixes this vulnerability.
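The bug class described above (an image buffer size computed from file-supplied dimensions wraps, so the allocation is smaller than the data written into it), shown as an added example that is not part of the advisory and is not ImageMagick's code. The names wrapped_size, checked_mul and alloc_pixels and the 64 MiB limit are hypothetical, and the dimensions are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked form: a 32-bit product of file-supplied dimensions silently
 * wraps modulo 2^32, so the buffer ends up smaller than the image. */
static uint32_t wrapped_size(uint32_t bytes_per_line, uint32_t height)
{
    return bytes_per_line * height;
}

/* Checked form: refuse any product that does not fit in size_t. */
static bool checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hypothetical allocator for a width x height image, bpp bytes per pixel.
 * Returns NULL on zero dimensions, overflow, or an over-limit request. */
static void *alloc_pixels(size_t width, size_t height, size_t bpp, size_t limit)
{
    size_t line, total;

    if (width == 0 || height == 0 || bpp == 0)
        return NULL;
    if (!checked_mul(width, bpp, &line) || !checked_mul(line, height, &total))
        return NULL;
    if (total > limit)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    /* Constructed dimensions: the true product is 2^32 + 65536. */
    uint32_t w = 65537, h = 65536;
    printf("wrapped size: %u bytes\n", (unsigned)wrapped_size(w, h));
    void *p = alloc_pixels(w, h, 1, (size_t)64 << 20);
    printf("checked alloc: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The checked path rejects the request before any allocation, whether the product overflows size_t (32-bit builds) or only exceeds the configured limit (64-bit builds).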
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
000d32ef4c7a210f723bb8abca2369a1 2008.1/i586/imagemagick-6.3.8.9-1.1mdv2008.1.i586.rpm
3bb088effcf1578730669f7090715a79 2008.1/i586/imagemagick-desktop-6.3.8.9-1.1mdv2008.1.i586.rpm
31eb071ed1805064709079f359bdccd1 2008.1/i586/imagemagick-doc-6.3.8.9-1.1mdv2008.1.i586.rpm
6201b7e4a52ef6c7835ca0002d33dade 2008.1/i586/libmagick1-6.3.8.9-1.1mdv2008.1.i586.rpm
ac1d144fb0f3b1b9c2f728b6c1fa7d38 2008.1/i586/libmagick-devel-6.3.8.9-1.1mdv2008.1.i586.rpm
98a34a50e775d92bb88d41e01beed2c8 2008.1/i586/perl-Image-Magick-6.3.8.9-1.1mdv2008.1.i586.rpm
8dc8984568f0e766616f2b1a8d6ffb3f 2008.1/SRPMS/imagemagick-6.3.8.9-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
568ecc8b6e1d1927f8193daf92a6d822 2008.1/x86_64/imagemagick-6.3.8.9-1.1mdv2008.1.x86_64.rpm
46f7fb348d6b11c30e2f53c7b65552cf 2008.1/x86_64/imagemagick-desktop-6.3.8.9-1.1mdv2008.1.x86_64.rpm
4d5a62dff9b657c5ad24103adf5534fe 2008.1/x86_64/imagemagick-doc-6.3.8.9-1.1mdv2008.1.x86_64.rpm
1db6951bf26fb55b071ce965db0936c5 2008.1/x86_64/lib64magick1-6.3.8.9-1.1mdv2008.1.x86_64.rpm
3d9cf389175542631f558677b23d6b9e 2008.1/x86_64/lib64magick-devel-6.3.8.9-1.1mdv2008.1.x86_64.rpm
6aa6c28c70a270a5bfa3f18e33e0db0f 2008.1/x86_64/perl-Image-Magick-6.3.8.9-1.1mdv2008.1.x86_64.rpm
8dc8984568f0e766616f2b1a8d6ffb3f 2008.1/SRPMS/imagemagick-6.3.8.9-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
5864e9f2d4a68acf190615abd5f46f7e 2009.0/i586/imagemagick-6.4.2.10-5.1mdv2009.0.i586.rpm
a16e207372431f6087ca52339eeed188 2009.0/i586/imagemagick-desktop-6.4.2.10-5.1mdv2009.0.i586.rpm
8eb2185217957bcb40b83a79d579a76e 2009.0/i586/imagemagick-doc-6.4.2.10-5.1mdv2009.0.i586.rpm
d922a7bb2f34cff1e646a9e8006d1ba8 2009.0/i586/libmagick1-6.4.2.10-5.1mdv2009.0.i586.rpm
6b5e5feef320022373fef83699daff57 2009.0/i586/libmagick-devel-6.4.2.10-5.1mdv2009.0.i586.rpm
c6829d7f1f6d2822ee1eff9f8d864ae8 2009.0/i586/perl-Image-Magick-6.4.2.10-5.1mdv2009.0.i586.rpm
64160117ddae7e1b63afe0ad2501c03f 2009.0/SRPMS/imagemagick-6.4.2.10-5.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
752d78e34f8af293dbc256ccce753537 2009.0/x86_64/imagemagick-6.4.2.10-5.1mdv2009.0.x86_64.rpm
f9bf9850b50914e6df3ffed1f8134aef 2009.0/x86_64/imagemagick-desktop-6.4.2.10-5.1mdv2009.0.x86_64.rpm
a23f78e65f43a72a96f9e2b3e02c128f 2009.0/x86_64/imagemagick-doc-6.4.2.10-5.1mdv2009.0.x86_64.rpm
6a5c32996c31efa050af82ebc6bf4d69 2009.0/x86_64/lib64magick1-6.4.2.10-5.1mdv2009.0.x86_64.rpm
6b0e93615ac03d283db4a51ad29ed21f 2009.0/x86_64/lib64magick-devel-6.4.2.10-5.1mdv2009.0.x86_64.rpm
1af2852fd61de493222f0bcf2d6577cb 2009.0/x86_64/perl-Image-Magick-6.4.2.10-5.1mdv2009.0.x86_64.rpm
64160117ddae7e1b63afe0ad2501c03f 2009.0/SRPMS/imagemagick-6.4.2.10-5.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
f2593b7f31dcb185746313e65aff44f7 2009.1/i586/imagemagick-6.5.0.2-1.1mdv2009.1.i586.rpm
e988e6b818ed5c02bd7a5ff148417b00 2009.1/i586/imagemagick-desktop-6.5.0.2-1.1mdv2009.1.i586.rpm
6d236c544e26afed4ef50e47686d872e 2009.1/i586/imagemagick-doc-6.5.0.2-1.1mdv2009.1.i586.rpm
ddfdcefc6e06b96af42465299babbf10 2009.1/i586/libmagick2-6.5.0.2-1.1mdv2009.1.i586.rpm
40770452d4b337bfe1f10748edf709dc 2009.1/i586/libmagick-devel-6.5.0.2-1.1mdv2009.1.i586.rpm
b00fc21d70701d23202007369d33ae06 2009.1/i586/perl-Image-Magick-6.5.0.2-1.1mdv2009.1.i586.rpm
4059b2a924977c1fd32957f0f795dc47 2009.1/SRPMS/imagemagick-6.5.0.2-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
d7fdb4d090e6eb3d597a03d91b595022 2009.1/x86_64/imagemagick-6.5.0.2-1.1mdv2009.1.x86_64.rpm
9843947fcb53123bca7c8102c5aaef86 2009.1/x86_64/imagemagick-desktop-6.5.0.2-1.1mdv2009.1.x86_64.rpm
9cc98f238a7f91e46e000c6b0bcfa28a 2009.1/x86_64/imagemagick-doc-6.5.0.2-1.1mdv2009.1.x86_64.rpm
83b07458a85288b2bbeac339bf498157 2009.1/x86_64/lib64magick2-6.5.0.2-1.1mdv2009.1.x86_64.rpm
52cd08d348b044831a9c01b614f3a3d2 2009.1/x86_64/lib64magick-devel-6.5.0.2-1.1mdv2009.1.x86_64.rpm
1faa5bb19ef4b7452a4fd0feab51b4a4 2009.1/x86_64/perl-Image-Magick-6.5.0.2-1.1mdv2009.1.x86_64.rpm
4059b2a924977c1fd32957f0f795dc47 2009.1/SRPMS/imagemagick-6.5.0.2-1.1mdv2009.1.src.rpm
Corporate 3.0:
645ec451082e58239f0489a3fab44238 corporate/3.0/i586/ImageMagick-5.5.7.15-6.13.C30mdk.i586.rpm
8310e2514914d4e7d344ba74b7f919a3 corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.13.C30mdk.i586.rpm
3012207a86e1f5610aba7f3109e19cd7 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.13.C30mdk.i586.rpm
76b19c2f7536f1cb2e06c542540aa9af corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.13.C30mdk.i586.rpm
f06f03723173bc820fe53efe43ab8c97 corporate/3.0/i586/perl-Magick-5.5.7.15-6.13.C30mdk.i586.rpm
ea14d890c45ca09b19c48f88ba50c133 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.13.C30mdk.src.rpm
Corporate 3.0/X86_64:
496d83839bfeb45fcbf39e5c1918b9b3 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.3.100mdk.x86_64.rpm
ea4fd434431ddceadd32c5ccc87b58ce corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.3.100mdk.x86_64.rpm
8c941260c67e4aab1a3ce8373485281d corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.3.100mdk.x86_64.rpm
b41e2a5118973a036efdcac43324cf81 corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk.x86_64.rpm
746b63d1b815ffb216c7d934c6054426 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.3.100mdk.x86_64.rpm
ea14d890c45ca09b19c48f88ba50c133 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.13.C30mdk.src.rpm
Corporate 4.0:
66c83e2b4c0a89aa486fe5eb3ea27afe corporate/4.0/i586/ImageMagick-6.2.4.3-1.9.20060mlcs4.i586.rpm
b1886a35f1a2a2129a6501275b678b71 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.9.20060mlcs4.i586.rpm
2847cd7464510d150178b4463aac5c80 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.9.20060mlcs4.i586.rpm
629bb7b26373844d677d2499bf154f66 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.9.20060mlcs4.i586.rpm
d05ef57b7fbbbfe5b982c09fab10ede2 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.9.20060mlcs4.i586.rpm
ad99ab7db500fd2afb62120088cc4d28 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.9.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
69517bf25c2493f61b603aa58bf5b171 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
bc9bdd25c5ee2900f9f5beac206f698f corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
3f6e510d8cfa8b8e718ccac2aaab3a60 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
87ca291036ffb59c08611042c99ea83c corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
63bcd120edab25c9c947c43e7dc9bfcd corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
ad99ab7db500fd2afb62120088cc4d28 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.9.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
1a37840782a8ae1bab37f50b81fc0134 mes5/i586/imagemagick-6.4.2.10-5.1mdvmes5.i586.rpm
22e54f467f3d46666271a581a9a96e88 mes5/i586/imagemagick-desktop-6.4.2.10-5.1mdvmes5.i586.rpm
5e9c329e028cc589d963af48d4102910 mes5/i586/imagemagick-doc-6.4.2.10-5.1mdvmes5.i586.rpm
06e75470dc9554fd589e11ff6eacc1ae mes5/i586/libmagick1-6.4.2.10-5.1mdvmes5.i586.rpm
354edabae7e2b0e2dea687111137ef62 mes5/i586/libmagick-devel-6.4.2.10-5.1mdvmes5.i586.rpm
69f0d7c697752df502404ce598ce8601 mes5/i586/perl-Image-Magick-6.4.2.10-5.1mdvmes5.i586.rpm
7514326c9caa396cf19303c9c3fe8bb2 mes5/SRPMS/imagemagick-6.4.2.10-5.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
f4626dafbdabba314cb91035476f8d6a mes5/x86_64/imagemagick-6.4.2.10-5.1mdvmes5.x86_64.rpm
bf3b2922a0da494815d1d9e5d43f68f7 mes5/x86_64/imagemagick-desktop-6.4.2.10-5.1mdvmes5.x86_64.rpm
7f4e33fc5398d302d408ed8ac9476bf8 mes5/x86_64/imagemagick-doc-6.4.2.10-5.1mdvmes5.x86_64.rpm
283844cc3e0be95dfc5b90d10225d3d4 mes5/x86_64/lib64magick1-6.4.2.10-5.1mdvmes5.x86_64.rpm
a6eb1b319874c2080f8b1759d280ee65 mes5/x86_64/lib64magick-devel-6.4.2.10-5.1mdvmes5.x86_64.rpm
04ccec2c19e2f9aedd4fed4df3b4e934 mes5/x86_64/perl-Image-Magick-6.4.2.10-5.1mdvmes5.x86_64.rpm
7514326c9caa396cf19303c9c3fe8bb2 mes5/SRPMS/imagemagick-6.4.2.10-5.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKzn36mqjQ0CJFipgRAm1oAJ4/rmywtwmIUNsUAL6JwlHTXMkUFgCg2jZ2
z3CtOJKMPXSkoU0jFrEETgU=
=CJdS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/