BugTraq
[ MDVSA-2013:092 ] imagemagick Apr 09 2013 07:08PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:092
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : imagemagick
Date : April 9, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6
and earlier does not use the proper variable type for the allocation
size, which might allow remote attackers to cause a denial of service
(crash) via a crafted PNG file that triggers incorrect memory
allocation (CVE-2012-3437).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
7fe90bbb731ad0fb0e55747124e8fd96 mbs1/x86_64/imagemagick-6.7.5.10-3.1.mbs1.x86_64.rpm
cf159673fde6b441f0137b15bb510ba5 mbs1/x86_64/imagemagick-desktop-6.7.5.10-3.1.mbs1.x86_64.rpm
c4ac324ad2db40dc77981f4e1da94338 mbs1/x86_64/imagemagick-doc-6.7.5.10-3.1.mbs1.noarch.rpm
16f52283a58f5b4b3abc3c56996e0347 mbs1/x86_64/lib64magick5-6.7.5.10-3.1.mbs1.x86_64.rpm
9a57af08989ab5f8f9088e23e0e95d8e mbs1/x86_64/lib64magick-devel-6.7.5.10-3.1.mbs1.x86_64.rpm
1371d8af8b006937fc280f1fda7c342a mbs1/x86_64/perl-Image-Magick-6.7.5.10-3.1.mbs1.x86_64.rpm
2734ec58b49b08b1024b8b276f2876d5 mbs1/SRPMS/imagemagick-6.7.5.10-3.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZDz3mqjQ0CJFipgRAhV3AJ0QZ1Vxwc5POmi2TDXv69CoMLtwWwCgoqP3
vTiExmbyWe83nAa2oUwJFeE=
=kJtK
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus