NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2004-12

MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability

From: Mandrake Linux Security Team (securitylinux-mandrake.com)
Date: Mon Dec 06 2004 - 20:25:26 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ImageMagick
Advisory ID: MDKSA-2004:143
Date: December 6th, 2004

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability was discovered in ImageMagick where, due to a boundary
error within the EXIF parsing routine, a specially crafted graphic
image could potentially lead to the execution of arbitrary code.

The updated packages have been patched to prevent this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
fe92759494d57d9e1482c433c54ff869 10.0/RPMS/ImageMagick-5.5.7.15-6.2.100mdk.i586.rpm
82051cb81cfffc7b8279e1742c3880ce 10.0/RPMS/ImageMagick-doc-5.5.7.15-6.2.100mdk.i586.rpm
39e259e655fff8913df660306935125c 10.0/RPMS/libMagick5.5.7-5.5.7.15-6.2.100mdk.i586.rpm
7e410a3e45e5cdc1eb057c8fd3adfe22 10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.2.100mdk.i586.rpm
692f423d2600551d7cd84fe62e24d500 10.0/RPMS/perl-Magick-5.5.7.15-6.2.100mdk.i586.rpm
b37e69f00c2da1981d41e1bc54af9878 10.0/SRPMS/ImageMagick-5.5.7.15-6.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
6f18d320751f01ca8e9688d3cf8cccd1 amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.2.100mdk.amd64.rpm
d7d239cd8efa17b5e21107b0b92cf9f3 amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.2.100mdk.amd64.rpm
ee5bb6ae21ce8eecf2442da8ea32ffac amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.2.100mdk.amd64.rpm
894a86a229adc51026c349ff54ded4da amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.2.100mdk.amd64.rpm
986347b3262f0dd694be0cb37cec486c amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.2.100mdk.amd64.rpm
b37e69f00c2da1981d41e1bc54af9878 amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.2.100mdk.src.rpm

Mandrakelinux 10.1:
4ccc141762e2d463fd1d6090d0a2479e 10.1/RPMS/ImageMagick-6.0.4.4-5.1.101mdk.i586.rpm
41dac1ea340c626a2d4da2b744795d06 10.1/RPMS/ImageMagick-doc-6.0.4.4-5.1.101mdk.i586.rpm
b2d6559795c8ea2f585728c9cbb90b89 10.1/RPMS/libMagick6.4.0-6.0.4.4-5.1.101mdk.i586.rpm
f7d73070aa5df624aee251815dda2410 10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.1.101mdk.i586.rpm
f44f3ea752dd71f1bcb73de523ca81f5 10.1/RPMS/perl-Magick-6.0.4.4-5.1.101mdk.i586.rpm
1936104c39b2dde2b3ae2090a17729d0 10.1/SRPMS/ImageMagick-6.0.4.4-5.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
ef8444748bc2d0e77b608a9b9e636529 x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.1.101mdk.x86_64.rpm
a6f42198fa5be410d009591cd0078b09 x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.1.101mdk.x86_64.rpm
e67708b273f2efc51a5a590d8d455ac3 x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.1.101mdk.x86_64.rpm
631cadb3f879a7c6fc302ef423b60cbe x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.1.101mdk.x86_64.rpm
a3a7c6ca5b75c9517083b0363c3ae899 x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.1.101mdk.x86_64.rpm
1936104c39b2dde2b3ae2090a17729d0 x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.1.101mdk.src.rpm

Corporate Server 2.1:
3c979ba44b8667a13273abaf1ef9fbc5 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.2.C21mdk.i586.rpm
908645c9feb865bcd2346e85f2d3cccc corporate/2.1/RPMS/libMagick5-5.4.8.3-2.2.C21mdk.i586.rpm
6817b5c307373bb5bcfd8704038ab170 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.2.C21mdk.i586.rpm
161aada567715e12e582bd20cd45d7c0 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.2.C21mdk.i586.rpm
88e04a437b8c98bdf97c78af7c888524 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
b483d3bde5a5abaf12f11b16350efc61 x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.2.C21mdk.x86_64.rpm
507d84144336030bbcb5aa9520fec9d3 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.2.C21mdk.x86_64.rpm
8e6350a79310b07245b30d4a485be26b x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.2.C21mdk.x86_64.rpm
f0707d9c21b117babf0cd4c1336057a9 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.2.C21mdk.x86_64.rpm
88e04a437b8c98bdf97c78af7c888524 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.2.C21mdk.src.rpm

Mandrakelinux 9.2:
7d8071b2ab19ba89fb8ddc8b2f857ee3 9.2/RPMS/ImageMagick-5.5.7.10-7.2.92mdk.i586.rpm
67f7869416b518d4def7ae076ee06e39 9.2/RPMS/libMagick5.5.7-5.5.7.10-7.2.92mdk.i586.rpm
13d01e0ea997978bda6bbc9e7223745e 9.2/RPMS/libMagick5.5.7-devel-5.5.7.10-7.2.92mdk.i586.rpm
ceef914612ea8f8b6debe257319001cd 9.2/RPMS/perl-Magick-5.5.7.10-7.2.92mdk.i586.rpm
f7b8e971d13a1b7332353d291b2f774c 9.2/SRPMS/ImageMagick-5.5.7.10-7.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
e4088933c94ed867ad9fc101944a8fa6 amd64/9.2/RPMS/ImageMagick-5.5.7.10-7.2.92mdk.amd64.rpm
b5ecbbb86878b3d09daf617029a383bc amd64/9.2/RPMS/lib64Magick5.5.7-5.5.7.10-7.2.92mdk.amd64.rpm
ea7eb11d9bfa0ed0689316f0fa87171c amd64/9.2/RPMS/lib64Magick5.5.7-devel-5.5.7.10-7.2.92mdk.amd64.rpm
5931f9e045956d2d85a23083d20f27fd amd64/9.2/RPMS/perl-Magick-5.5.7.10-7.2.92mdk.amd64.rpm
f7b8e971d13a1b7332353d291b2f774c amd64/9.2/SRPMS/ImageMagick-5.5.7.10-7.2.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBtRSWmqjQ0CJFipgRAvkvAKDKF8uifBWYCelxiceJovWsLxwPHgCeMn0x
Xh2cjwpkAAsqZhAnfzXjuX8=
=i9xH
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]