[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [ MDVSA-2009:261 ] graphicsmagick
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:261 ] graphicsmagick
- From: security@xxxxxxxxxxxx
- Date: Fri, 09 Oct 2009 05:20:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:261
http://www.mandriva.com/security/
_______________________________________________________________________
Package : graphicsmagick
Date : August 8, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in GraphicsMagick,
which could lead to integer overflow in the XMakeImage function in
magick/xwindow.c, allowing remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted
TIFF file, which triggers a buffer overflow (CVE-2009-1882).
This update fixes this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
ade6b05054eb5fdb7ee5d218bdfb713d
2009.0/i586/graphicsmagick-1.2.5-2.1mdv2009.0.i586.rpm
55a6a4b0427607c62afbd80c65c7514b
2009.0/i586/graphicsmagick-doc-1.2.5-2.1mdv2009.0.i586.rpm
52c6edba294aca9900fc693e71d4bb8f
2009.0/i586/libgraphicsmagick2-1.2.5-2.1mdv2009.0.i586.rpm
d9401800dac3796c09fc53392f77d2a8
2009.0/i586/libgraphicsmagick-devel-1.2.5-2.1mdv2009.0.i586.rpm
f48a7fbeca593f65735d58de976ca155
2009.0/i586/libgraphicsmagickwand1-1.2.5-2.1mdv2009.0.i586.rpm
8b773ffdfd8beefb460976a896586e73
2009.0/i586/perl-Graphics-Magick-1.2.5-2.1mdv2009.0.i586.rpm
e8c48c52588f2719f4477bd588a210e5
2009.0/SRPMS/graphicsmagick-1.2.5-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
f328d661822d91ea96411873510d55a1
2009.0/x86_64/graphicsmagick-1.2.5-2.1mdv2009.0.x86_64.rpm
7c39f2425fd207884b8e3f49213a3672
2009.0/x86_64/graphicsmagick-doc-1.2.5-2.1mdv2009.0.x86_64.rpm
0f91690c6f3a4112620ada0c6e80df28
2009.0/x86_64/lib64graphicsmagick2-1.2.5-2.1mdv2009.0.x86_64.rpm
e98d6aa7020984f6e817a3105a30ab10
2009.0/x86_64/lib64graphicsmagick-devel-1.2.5-2.1mdv2009.0.x86_64.rpm
686314b6625518838d61ed562c89c6d5
2009.0/x86_64/lib64graphicsmagickwand1-1.2.5-2.1mdv2009.0.x86_64.rpm
870431de7df0e8dbe2a8c588f0ad3629
2009.0/x86_64/perl-Graphics-Magick-1.2.5-2.1mdv2009.0.x86_64.rpm
e8c48c52588f2719f4477bd588a210e5
2009.0/SRPMS/graphicsmagick-1.2.5-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
1693b9ca4197dbf72f94189db6f0499f
2009.1/i586/graphicsmagick-1.3.5-3.1mdv2009.1.i586.rpm
e64fff1e11cc9fd784cf40a68fb83ce2
2009.1/i586/graphicsmagick-doc-1.3.5-3.1mdv2009.1.i586.rpm
ace0b64ba38707177673b575d1b7fd1e
2009.1/i586/libgraphicsmagick3-1.3.5-3.1mdv2009.1.i586.rpm
9d8cbbbddbf00b31ee48e107445c2462
2009.1/i586/libgraphicsmagick-devel-1.3.5-3.1mdv2009.1.i586.rpm
99ac37adadabaf98c7720025759d915b
2009.1/i586/libgraphicsmagickwand2-1.3.5-3.1mdv2009.1.i586.rpm
97b7e9fc53aa4afcf619680dac0afcbd
2009.1/i586/perl-Graphics-Magick-1.3.5-3.1mdv2009.1.i586.rpm
fd715587e7428cec0c3c23f1d4c8e661
2009.1/SRPMS/graphicsmagick-1.3.5-3.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
20dde6f65a3ebd697191211926cea2ef
2009.1/x86_64/graphicsmagick-1.3.5-3.1mdv2009.1.x86_64.rpm
319b9e53b539ad877233cda40a55b186
2009.1/x86_64/graphicsmagick-doc-1.3.5-3.1mdv2009.1.x86_64.rpm
799adaca0cacebdec02395a9b6f1bf3d
2009.1/x86_64/lib64graphicsmagick3-1.3.5-3.1mdv2009.1.x86_64.rpm
064d5996166fe1d63e8fa1eb350174eb
2009.1/x86_64/lib64graphicsmagick-devel-1.3.5-3.1mdv2009.1.x86_64.rpm
115637052c1a6b5cde336a8e3761e3d9
2009.1/x86_64/lib64graphicsmagickwand2-1.3.5-3.1mdv2009.1.x86_64.rpm
189599de476bec866496d35320e4a469
2009.1/x86_64/perl-Graphics-Magick-1.3.5-3.1mdv2009.1.x86_64.rpm
fd715587e7428cec0c3c23f1d4c8e661
2009.1/SRPMS/graphicsmagick-1.3.5-3.1mdv2009.1.src.rpm
Mandriva Enterprise Server 5:
5af9093aeeae64e9ff3a90a63bd50017
mes5/i586/graphicsmagick-1.2.5-2.1mdvmes5.i586.rpm
fc35a1bc507a71cc90f3d569c682cd06
mes5/i586/graphicsmagick-doc-1.2.5-2.1mdvmes5.i586.rpm
43d10eadd49298810e3e37baa19f7430
mes5/i586/libgraphicsmagick2-1.2.5-2.1mdvmes5.i586.rpm
6a7c0c644593553bea55bf98c1b24cd3
mes5/i586/libgraphicsmagick-devel-1.2.5-2.1mdvmes5.i586.rpm
76704988afff3625e0814a621dd49fee
mes5/i586/libgraphicsmagickwand1-1.2.5-2.1mdvmes5.i586.rpm
4dd6800e94973d4a7c255f7be2387fd2
mes5/i586/perl-Graphics-Magick-1.2.5-2.1mdvmes5.i586.rpm
d0550ac4fde734f40c14e36f8f53bfde
mes5/SRPMS/graphicsmagick-1.2.5-2.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
24d9d94dc4653a1b929d00014474ea6e
mes5/x86_64/graphicsmagick-1.2.5-2.1mdvmes5.x86_64.rpm
6435f7e5a1020eb44e7b0c030f163b24
mes5/x86_64/graphicsmagick-doc-1.2.5-2.1mdvmes5.x86_64.rpm
007696bf76e4de0507499a1de77cba52
mes5/x86_64/lib64graphicsmagick2-1.2.5-2.1mdvmes5.x86_64.rpm
dbbe2432dfd9120db55174a02bc907a2
mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.1mdvmes5.x86_64.rpm
240e28c719fdb4164614657848414e2f
mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.1mdvmes5.x86_64.rpm
357feb2306b576c86d24e01de3537ee3
mes5/x86_64/perl-Graphics-Magick-1.2.5-2.1mdvmes5.x86_64.rpm
d0550ac4fde734f40c14e36f8f53bfde
mes5/SRPMS/graphicsmagick-1.2.5-2.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKzn4gmqjQ0CJFipgRAromAKCUnVp547cdMFX6J7zFPN7RsZaMrQCfY2/H
/jdE1z3d1RDRbTdlci4D1Vo=
=aNcz
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/