[Security Announce] [ MDKSA-2006:223 ] - Updated ImageMagick packages fixes vulnerability
Posted on: 12/02/2006 03:00 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:223
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ImageMagick
Date : December 1, 2006
Affected: 2006.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2
before 6.2.4.5, has unknown impact and user-assisted attack vectors via
a crafted SGI image.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5868
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
df62dd8449b08426a4188d5959b3f823 2006.0/i586/ImageMagick-6.2.4.3-1.4.20060mdk.i586.rpm
e87bbddff33171aae89d1d08400907a7 2006.0/i586/ImageMagick-doc-6.2.4.3-1.4.20060mdk.i586.rpm
8755d8beabe9a85f3e7a07b73d071c59 2006.0/i586/libMagick8.4.2-6.2.4.3-1.4.20060mdk.i586.rpm
2b6ae5e3b4c8e187e095442e7dcd5c24 2006.0/i586/libMagick8.4.2-devel-6.2.4.3-1.4.20060mdk.i586.rpm
d7e61aa5943b52eb374b0a2e44232e93 2006.0/i586/perl-Image-Magick-6.2.4.3-1.4.20060mdk.i586.rpm
e5875ef8dd63237d5c7c74a441b123fc 2006.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
973d1bb7026248e93c9f1a16eba0cfaf 2006.0/x86_64/ImageMagick-6.2.4.3-1.4.20060mdk.x86_64.rpm
ca759633ecf8ef52b1c34f55d5a3af6d 2006.0/x86_64/ImageMagick-doc-6.2.4.3-1.4.20060mdk.x86_64.rpm
f65de07d50364a3c861f50ce6f11fee4 2006.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.4.20060mdk.x86_64.rpm
c9e86c379bdfeb36e25bfd34e094b921 2006.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mdk.x86_64.rpm
9d58fe1606d8f1f0f6a225df3ac58b48 2006.0/x86_64/perl-Image-Magick-6.2.4.3-1.4.20060mdk.x86_64.rpm
e5875ef8dd63237d5c7c74a441b123fc 2006.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mdk.src.rpm

Corporate 3.0:
fc15d48d236f0d1f738c795190081ddd corporate/3.0/i586/ImageMagick-5.5.7.15-6.9.C30mdk.i586.rpm
3ba801afddeb42759aebd891971b5fce corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.9.C30mdk.i586.rpm
35c8a337172b91501486381be4e0aa7d corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.9.C30mdk.i586.rpm
3273f233005c79adf0602ade443de675 corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.9.C30mdk.i586.rpm
8dfce9d9e00005e990c1203c1144ac34 corporate/3.0/i586/perl-Magick-5.5.7.15-6.9.C30mdk.i586.rpm
3cf9bff07102ada97373a66c5f4c6e05 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
0f8193fed5ac7b344398b9e99fe5bccb corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.9.C30mdk.x86_64.rpm
bdae28be1bcacf4f5bc6d9bdfa589cbd corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.9.C30mdk.x86_64.rpm
fa4a5fe3e447770c33ef0596da8570fb corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.9.C30mdk.x86_64.rpm
8af081adcd750d5edec44bf1e85e5c7d corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.9.C30mdk.x86_64.rpm
e238642447217ade5a772c4b12b492b3 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.9.C30mdk.x86_64.rpm
3cf9bff07102ada97373a66c5f4c6e05 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.9.C30mdk.src.rpm

Corporate 4.0:
dde2f028a95732f3d5fd5bfd48ede727 corporate/4.0/i586/ImageMagick-6.2.4.3-1.4.20060mlcs4.i586.rpm
6affed772cabdc8e8eb6e6ed96efb178 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.4.20060mlcs4.i586.rpm
426d44c76834a660ea48c09719048de2 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.4.20060mlcs4.i586.rpm
4cc0f80f0bbfdbc1c26a497f14e2dd0d corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.4.20060mlcs4.i586.rpm
9deab133788e00cf6487a057042c3ae0 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.4.20060mlcs4.i586.rpm
0b75266159c73fcb8a0f7027d208bee2 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
283a0751148b3468bd3e2281d819f08d corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
48ee2e7835b97a89e27342c3a27db913 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
fad038ed56f886f4656302721a616578 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
17b7841d6459f0a52662f43d16f09771 corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
dbcfd793204ead891cbf779c1075287e corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.4.20060mlcs4.x86_64.rpm
0b75266159c73fcb8a0f7027d208bee2 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFcJi1mqjQ0CJFipgRAoCvAJ9sJwsy6KmxvLwFtEyFiCoLvVHIaACgj+2v
kI0mULDMWX7ydgtZ+bArC40=
=m55O
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006223__updated_imagemagick_packages_fixes_vulnerability.html)