lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1TMfuC-0006fo-Oi@titan.mandriva.com>
Date: Fri, 12 Oct 2012 16:08:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:165 ] graphicsmagick

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:165
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : graphicsmagick
 Date    : October 12, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in graphicsmagick:
 
 The Magick_png_malloc function in coders/png.c in GraphicsMagick
 6.7.8-6 does not use the proper variable type for the allocation size,
 which might allow remote attackers to cause a denial of service (crash)
 via a crafted PNG file that triggers incorrect memory allocation
 (CVE-2012-3438).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 367a67379d3161b66b3db37c56297eb3  2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
 d3519a5408d1eeda3db286bc857a4bbb  2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
 65bb6c899b011afea13e8321dd3bdd32  2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
 101c43d52b1620343e1e81e3c6e3506f  2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
 67f5ef6ae5acea07bca6560a5bcf2c92  2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
 ee2e0fbe97ff041178d21590cc3c8153  2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm 
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

 Mandriva Linux 2011/X86_64:
 a957e7a56e08336b51e79554746f14af  2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
 67f2ce45766afef7b4d6077c7ce74ab3  2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
 cb565440ed807e22b90c7b39b569cd7f  2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
 f1e444f58c1c34e82730cc33274f9be4  2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
 d905ad3b3e4721b93a1c73c03904b736  2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
 59da14c146f61c83e7328ed4e47d03c5  2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm 
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

 Mandriva Enterprise Server 5:
 35bee93bbe7b07c5ef40d0cdc9666780  mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
 4dee9ac6d19b7e09400c76ac037e5cb3  mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
 fb0efbcf6b45c99f8706a92176352da9  mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
 fc5b40ab4b47d843890db033a7ac33bc  mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
 43a3600fdbacf3835e7c50f1a3b53013  mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
 1fc18562b79267c9042d12e3803e62ba  mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm 
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5eed0706962564085444d6ad9c257c6a  mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
 a1cec283ea30e3e0150b455df66aaae5  mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
 23faf2af638b0b8170e4e1ec52ff796d  mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
 9e5200bb525b14741d2acd65e127e41e  mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
 5e73b553cbad16496b2e4814a4315789  mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
 210e0928dbbc3d101e58d7dd93605d54  mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm 
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQd/dAmqjQ0CJFipgRAqQnAKCdc7msYWca9F4ureZDQAS9qpFdbgCgjIsI
MioOqERuxDOczXS0BQiqvTw=
=/jcp
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ