BugTraq
[ MDVSA-2012:165 ] graphicsmagick Oct 12 2012 02:08PM
security mandriva com

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:165
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphicsmagick
Date : October 12, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in graphicsmagick:

The Magick_png_malloc function in coders/png.c in GraphicsMagick
6.7.8-6 does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash)
via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3438).

The updated packages have been patched to correct this issue.
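
The following C example is added here to illustrate the class of bug described above; it is not code from this advisory, GraphicsMagick or libpng. It assumes the mismatch is a 32-bit size parameter receiving a 64-bit request, and every name in it (alloc_narrow, alloc_matched, shortfall, MAX_ALLOC) is hypothetical.

```c
/* Added illustration; not GraphicsMagick or libpng code. All names hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ALLOC ((uint64_t)256 * 1024 * 1024) /* assumed policy cap: 256 MiB */

/* Flawed callback: the size parameter is narrower than the caller's size
 * type, so the upper 32 bits of a large request are lost at the call. */
static void *alloc_narrow(uint32_t size, uint64_t *granted)
{
    *granted = size;
    return malloc(size ? size : 1);
}

/* Corrected callback: the parameter type matches the caller's, and requests
 * above the policy cap are refused instead of being silently shrunk. */
static void *alloc_matched(uint64_t size, uint64_t *granted)
{
    *granted = 0;
    if (size == 0 || size > MAX_ALLOC)
        return NULL;
    *granted = size;
    return malloc((size_t)size);
}

/* Bytes the caller believes it owns but the callback never allocated.
 * The explicit cast stands in for the implicit conversion a mismatched
 * callback prototype would perform. */
static uint64_t shortfall(uint64_t requested, int use_matched)
{
    uint64_t granted = 0;
    void *p = use_matched ? alloc_matched(requested, &granted)
                          : alloc_narrow((uint32_t)requested, &granted);
    uint64_t gap = (p != NULL && granted < requested) ? requested - granted : 0;
    free(p);
    return gap;
}

int main(void)
{
    /* Constructed sample: a size a decoder might derive from file fields. */
    uint64_t requested = ((uint64_t)1 << 32) + 16;
    printf("narrow : %llu bytes short\n",
           (unsigned long long)shortfall(requested, 0));
    printf("matched: %llu bytes short\n",
           (unsigned long long)shortfall(requested, 1));
    return 0;
}
```

With the narrow parameter the caller receives a valid pointer to far less memory than it asked for; the matched version returns NULL, which the caller can handle as an ordinary allocation failure.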
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
367a67379d3161b66b3db37c56297eb3 2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
d3519a5408d1eeda3db286bc857a4bbb 2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
65bb6c899b011afea13e8321dd3bdd32 2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
101c43d52b1620343e1e81e3c6e3506f 2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
67f5ef6ae5acea07bca6560a5bcf2c92 2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
ee2e0fbe97ff041178d21590cc3c8153 2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm
3aa91a6951df854074305fed3cd72bc2 2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

Mandriva Linux 2011/X86_64:
a957e7a56e08336b51e79554746f14af 2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
67f2ce45766afef7b4d6077c7ce74ab3 2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
cb565440ed807e22b90c7b39b569cd7f 2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
f1e444f58c1c34e82730cc33274f9be4 2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
d905ad3b3e4721b93a1c73c03904b736 2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
59da14c146f61c83e7328ed4e47d03c5 2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm
3aa91a6951df854074305fed3cd72bc2 2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

Mandriva Enterprise Server 5:
35bee93bbe7b07c5ef40d0cdc9666780 mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
4dee9ac6d19b7e09400c76ac037e5cb3 mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
fb0efbcf6b45c99f8706a92176352da9 mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
fc5b40ab4b47d843890db033a7ac33bc mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
43a3600fdbacf3835e7c50f1a3b53013 mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
1fc18562b79267c9042d12e3803e62ba mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm
6fa01775d5e75190d2e5fae45381f840 mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
5eed0706962564085444d6ad9c257c6a mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
a1cec283ea30e3e0150b455df66aaae5 mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
23faf2af638b0b8170e4e1ec52ff796d mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
9e5200bb525b14741d2acd65e127e41e mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
5e73b553cbad16496b2e4814a4315789 mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
210e0928dbbc3d101e58d7dd93605d54 mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm
6fa01775d5e75190d2e5fae45381f840 mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>