[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [ MDVSA-2009:260 ] imagemagick
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:260 ] imagemagick
- From: security@xxxxxxxxxxxx
- Date: Fri, 09 Oct 2009 05:26:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:260
http://www.mandriva.com/security/
_______________________________________________________________________
Package : imagemagick
Date : August 8, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in ImageMagick,
which could lead to integer overflow in the XMakeImage function in
magick/xwindow.c, allowing remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted
TIFF file, which triggers a buffer overflow (CVE-2009-1882).
This update fixes this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
000d32ef4c7a210f723bb8abca2369a1
2008.1/i586/imagemagick-6.3.8.9-1.1mdv2008.1.i586.rpm
3bb088effcf1578730669f7090715a79
2008.1/i586/imagemagick-desktop-6.3.8.9-1.1mdv2008.1.i586.rpm
31eb071ed1805064709079f359bdccd1
2008.1/i586/imagemagick-doc-6.3.8.9-1.1mdv2008.1.i586.rpm
6201b7e4a52ef6c7835ca0002d33dade
2008.1/i586/libmagick1-6.3.8.9-1.1mdv2008.1.i586.rpm
ac1d144fb0f3b1b9c2f728b6c1fa7d38
2008.1/i586/libmagick-devel-6.3.8.9-1.1mdv2008.1.i586.rpm
98a34a50e775d92bb88d41e01beed2c8
2008.1/i586/perl-Image-Magick-6.3.8.9-1.1mdv2008.1.i586.rpm
8dc8984568f0e766616f2b1a8d6ffb3f
2008.1/SRPMS/imagemagick-6.3.8.9-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
568ecc8b6e1d1927f8193daf92a6d822
2008.1/x86_64/imagemagick-6.3.8.9-1.1mdv2008.1.x86_64.rpm
46f7fb348d6b11c30e2f53c7b65552cf
2008.1/x86_64/imagemagick-desktop-6.3.8.9-1.1mdv2008.1.x86_64.rpm
4d5a62dff9b657c5ad24103adf5534fe
2008.1/x86_64/imagemagick-doc-6.3.8.9-1.1mdv2008.1.x86_64.rpm
1db6951bf26fb55b071ce965db0936c5
2008.1/x86_64/lib64magick1-6.3.8.9-1.1mdv2008.1.x86_64.rpm
3d9cf389175542631f558677b23d6b9e
2008.1/x86_64/lib64magick-devel-6.3.8.9-1.1mdv2008.1.x86_64.rpm
6aa6c28c70a270a5bfa3f18e33e0db0f
2008.1/x86_64/perl-Image-Magick-6.3.8.9-1.1mdv2008.1.x86_64.rpm
8dc8984568f0e766616f2b1a8d6ffb3f
2008.1/SRPMS/imagemagick-6.3.8.9-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
5864e9f2d4a68acf190615abd5f46f7e
2009.0/i586/imagemagick-6.4.2.10-5.1mdv2009.0.i586.rpm
a16e207372431f6087ca52339eeed188
2009.0/i586/imagemagick-desktop-6.4.2.10-5.1mdv2009.0.i586.rpm
8eb2185217957bcb40b83a79d579a76e
2009.0/i586/imagemagick-doc-6.4.2.10-5.1mdv2009.0.i586.rpm
d922a7bb2f34cff1e646a9e8006d1ba8
2009.0/i586/libmagick1-6.4.2.10-5.1mdv2009.0.i586.rpm
6b5e5feef320022373fef83699daff57
2009.0/i586/libmagick-devel-6.4.2.10-5.1mdv2009.0.i586.rpm
c6829d7f1f6d2822ee1eff9f8d864ae8
2009.0/i586/perl-Image-Magick-6.4.2.10-5.1mdv2009.0.i586.rpm
64160117ddae7e1b63afe0ad2501c03f
2009.0/SRPMS/imagemagick-6.4.2.10-5.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
752d78e34f8af293dbc256ccce753537
2009.0/x86_64/imagemagick-6.4.2.10-5.1mdv2009.0.x86_64.rpm
f9bf9850b50914e6df3ffed1f8134aef
2009.0/x86_64/imagemagick-desktop-6.4.2.10-5.1mdv2009.0.x86_64.rpm
a23f78e65f43a72a96f9e2b3e02c128f
2009.0/x86_64/imagemagick-doc-6.4.2.10-5.1mdv2009.0.x86_64.rpm
6a5c32996c31efa050af82ebc6bf4d69
2009.0/x86_64/lib64magick1-6.4.2.10-5.1mdv2009.0.x86_64.rpm
6b0e93615ac03d283db4a51ad29ed21f
2009.0/x86_64/lib64magick-devel-6.4.2.10-5.1mdv2009.0.x86_64.rpm
1af2852fd61de493222f0bcf2d6577cb
2009.0/x86_64/perl-Image-Magick-6.4.2.10-5.1mdv2009.0.x86_64.rpm
64160117ddae7e1b63afe0ad2501c03f
2009.0/SRPMS/imagemagick-6.4.2.10-5.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
f2593b7f31dcb185746313e65aff44f7
2009.1/i586/imagemagick-6.5.0.2-1.1mdv2009.1.i586.rpm
e988e6b818ed5c02bd7a5ff148417b00
2009.1/i586/imagemagick-desktop-6.5.0.2-1.1mdv2009.1.i586.rpm
6d236c544e26afed4ef50e47686d872e
2009.1/i586/imagemagick-doc-6.5.0.2-1.1mdv2009.1.i586.rpm
ddfdcefc6e06b96af42465299babbf10
2009.1/i586/libmagick2-6.5.0.2-1.1mdv2009.1.i586.rpm
40770452d4b337bfe1f10748edf709dc
2009.1/i586/libmagick-devel-6.5.0.2-1.1mdv2009.1.i586.rpm
b00fc21d70701d23202007369d33ae06
2009.1/i586/perl-Image-Magick-6.5.0.2-1.1mdv2009.1.i586.rpm
4059b2a924977c1fd32957f0f795dc47
2009.1/SRPMS/imagemagick-6.5.0.2-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
d7fdb4d090e6eb3d597a03d91b595022
2009.1/x86_64/imagemagick-6.5.0.2-1.1mdv2009.1.x86_64.rpm
9843947fcb53123bca7c8102c5aaef86
2009.1/x86_64/imagemagick-desktop-6.5.0.2-1.1mdv2009.1.x86_64.rpm
9cc98f238a7f91e46e000c6b0bcfa28a
2009.1/x86_64/imagemagick-doc-6.5.0.2-1.1mdv2009.1.x86_64.rpm
83b07458a85288b2bbeac339bf498157
2009.1/x86_64/lib64magick2-6.5.0.2-1.1mdv2009.1.x86_64.rpm
52cd08d348b044831a9c01b614f3a3d2
2009.1/x86_64/lib64magick-devel-6.5.0.2-1.1mdv2009.1.x86_64.rpm
1faa5bb19ef4b7452a4fd0feab51b4a4
2009.1/x86_64/perl-Image-Magick-6.5.0.2-1.1mdv2009.1.x86_64.rpm
4059b2a924977c1fd32957f0f795dc47
2009.1/SRPMS/imagemagick-6.5.0.2-1.1mdv2009.1.src.rpm
Corporate 3.0:
645ec451082e58239f0489a3fab44238
corporate/3.0/i586/ImageMagick-5.5.7.15-6.13.C30mdk.i586.rpm
8310e2514914d4e7d344ba74b7f919a3
corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.13.C30mdk.i586.rpm
3012207a86e1f5610aba7f3109e19cd7
corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.13.C30mdk.i586.rpm
76b19c2f7536f1cb2e06c542540aa9af
corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.13.C30mdk.i586.rpm
f06f03723173bc820fe53efe43ab8c97
corporate/3.0/i586/perl-Magick-5.5.7.15-6.13.C30mdk.i586.rpm
ea14d890c45ca09b19c48f88ba50c133
corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.13.C30mdk.src.rpm
Corporate 3.0/X86_64:
496d83839bfeb45fcbf39e5c1918b9b3
corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.3.100mdk.x86_64.rpm
ea4fd434431ddceadd32c5ccc87b58ce
corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.3.100mdk.x86_64.rpm
8c941260c67e4aab1a3ce8373485281d
corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.3.100mdk.x86_64.rpm
b41e2a5118973a036efdcac43324cf81
corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk.x86_64.rpm
746b63d1b815ffb216c7d934c6054426
corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.3.100mdk.x86_64.rpm
ea14d890c45ca09b19c48f88ba50c133
corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.13.C30mdk.src.rpm
Corporate 4.0:
66c83e2b4c0a89aa486fe5eb3ea27afe
corporate/4.0/i586/ImageMagick-6.2.4.3-1.9.20060mlcs4.i586.rpm
b1886a35f1a2a2129a6501275b678b71
corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.9.20060mlcs4.i586.rpm
2847cd7464510d150178b4463aac5c80
corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.9.20060mlcs4.i586.rpm
629bb7b26373844d677d2499bf154f66
corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.9.20060mlcs4.i586.rpm
d05ef57b7fbbbfe5b982c09fab10ede2
corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.9.20060mlcs4.i586.rpm
ad99ab7db500fd2afb62120088cc4d28
corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.9.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
69517bf25c2493f61b603aa58bf5b171
corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
bc9bdd25c5ee2900f9f5beac206f698f
corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
3f6e510d8cfa8b8e718ccac2aaab3a60
corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
87ca291036ffb59c08611042c99ea83c
corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
63bcd120edab25c9c947c43e7dc9bfcd
corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.9.20060mlcs4.x86_64.rpm
ad99ab7db500fd2afb62120088cc4d28
corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.9.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
1a37840782a8ae1bab37f50b81fc0134
mes5/i586/imagemagick-6.4.2.10-5.1mdvmes5.i586.rpm
22e54f467f3d46666271a581a9a96e88
mes5/i586/imagemagick-desktop-6.4.2.10-5.1mdvmes5.i586.rpm
5e9c329e028cc589d963af48d4102910
mes5/i586/imagemagick-doc-6.4.2.10-5.1mdvmes5.i586.rpm
06e75470dc9554fd589e11ff6eacc1ae
mes5/i586/libmagick1-6.4.2.10-5.1mdvmes5.i586.rpm
354edabae7e2b0e2dea687111137ef62
mes5/i586/libmagick-devel-6.4.2.10-5.1mdvmes5.i586.rpm
69f0d7c697752df502404ce598ce8601
mes5/i586/perl-Image-Magick-6.4.2.10-5.1mdvmes5.i586.rpm
7514326c9caa396cf19303c9c3fe8bb2
mes5/SRPMS/imagemagick-6.4.2.10-5.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
f4626dafbdabba314cb91035476f8d6a
mes5/x86_64/imagemagick-6.4.2.10-5.1mdvmes5.x86_64.rpm
bf3b2922a0da494815d1d9e5d43f68f7
mes5/x86_64/imagemagick-desktop-6.4.2.10-5.1mdvmes5.x86_64.rpm
7f4e33fc5398d302d408ed8ac9476bf8
mes5/x86_64/imagemagick-doc-6.4.2.10-5.1mdvmes5.x86_64.rpm
283844cc3e0be95dfc5b90d10225d3d4
mes5/x86_64/lib64magick1-6.4.2.10-5.1mdvmes5.x86_64.rpm
a6eb1b319874c2080f8b1759d280ee65
mes5/x86_64/lib64magick-devel-6.4.2.10-5.1mdvmes5.x86_64.rpm
04ccec2c19e2f9aedd4fed4df3b4e934
mes5/x86_64/perl-Image-Magick-6.4.2.10-5.1mdvmes5.x86_64.rpm
7514326c9caa396cf19303c9c3fe8bb2
mes5/SRPMS/imagemagick-6.4.2.10-5.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKzn36mqjQ0CJFipgRAm1oAJ4/rmywtwmIUNsUAL6JwlHTXMkUFgCg2jZ2
z3CtOJKMPXSkoU0jFrEETgU=
=CJdS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/