From security@linux-mandrake.com Mon Dec 6 23:37:27 2004 From: Mandrake Linux Security Team To: full-disclosure@lists.netsys.com Date: 7 Dec 2004 02:25:26 -0000 Subject: [Full-Disclosure] MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: ImageMagick Advisory ID: MDKSA-2004:143 Date: December 6th, 2004 Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1 ______________________________________________________________________ Problem Description: A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code. The updated packages have been patched to prevent this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: fe92759494d57d9e1482c433c54ff869 10.0/RPMS/ImageMagick-5.5.7.15-6.2.100mdk.i586.rpm 82051cb81cfffc7b8279e1742c3880ce 10.0/RPMS/ImageMagick-doc-5.5.7.15-6.2.100mdk.i586.rpm 39e259e655fff8913df660306935125c 10.0/RPMS/libMagick5.5.7-5.5.7.15-6.2.100mdk.i586.rpm 7e410a3e45e5cdc1eb057c8fd3adfe22 10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.2.100mdk.i586.rpm 692f423d2600551d7cd84fe62e24d500 10.0/RPMS/perl-Magick-5.5.7.15-6.2.100mdk.i586.rpm b37e69f00c2da1981d41e1bc54af9878 10.0/SRPMS/ImageMagick-5.5.7.15-6.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 6f18d320751f01ca8e9688d3cf8cccd1 amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.2.100mdk.amd64.rpm d7d239cd8efa17b5e21107b0b92cf9f3 amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.2.100mdk.amd64.rpm ee5bb6ae21ce8eecf2442da8ea32ffac amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.2.100mdk.amd64.rpm 894a86a229adc51026c349ff54ded4da amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.2.100mdk.amd64.rpm 986347b3262f0dd694be0cb37cec486c amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.2.100mdk.amd64.rpm b37e69f00c2da1981d41e1bc54af9878 amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.2.100mdk.src.rpm Mandrakelinux 10.1: 4ccc141762e2d463fd1d6090d0a2479e 10.1/RPMS/ImageMagick-6.0.4.4-5.1.101mdk.i586.rpm 41dac1ea340c626a2d4da2b744795d06 10.1/RPMS/ImageMagick-doc-6.0.4.4-5.1.101mdk.i586.rpm b2d6559795c8ea2f585728c9cbb90b89 10.1/RPMS/libMagick6.4.0-6.0.4.4-5.1.101mdk.i586.rpm f7d73070aa5df624aee251815dda2410 10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.1.101mdk.i586.rpm f44f3ea752dd71f1bcb73de523ca81f5 10.1/RPMS/perl-Magick-6.0.4.4-5.1.101mdk.i586.rpm 1936104c39b2dde2b3ae2090a17729d0 10.1/SRPMS/ImageMagick-6.0.4.4-5.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: ef8444748bc2d0e77b608a9b9e636529 x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.1.101mdk.x86_64.rpm a6f42198fa5be410d009591cd0078b09 x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.1.101mdk.x86_64.rpm e67708b273f2efc51a5a590d8d455ac3 x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.1.101mdk.x86_64.rpm 631cadb3f879a7c6fc302ef423b60cbe x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.1.101mdk.x86_64.rpm a3a7c6ca5b75c9517083b0363c3ae899 x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.1.101mdk.x86_64.rpm 1936104c39b2dde2b3ae2090a17729d0 x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.1.101mdk.src.rpm Corporate Server 2.1: 3c979ba44b8667a13273abaf1ef9fbc5 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.2.C21mdk.i586.rpm 908645c9feb865bcd2346e85f2d3cccc corporate/2.1/RPMS/libMagick5-5.4.8.3-2.2.C21mdk.i586.rpm 6817b5c307373bb5bcfd8704038ab170 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.2.C21mdk.i586.rpm 161aada567715e12e582bd20cd45d7c0 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.2.C21mdk.i586.rpm 88e04a437b8c98bdf97c78af7c888524 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.2.C21mdk.src.rpm Corporate Server 2.1/x86_64: b483d3bde5a5abaf12f11b16350efc61 x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.2.C21mdk.x86_64.rpm 507d84144336030bbcb5aa9520fec9d3 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.2.C21mdk.x86_64.rpm 8e6350a79310b07245b30d4a485be26b x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.2.C21mdk.x86_64.rpm f0707d9c21b117babf0cd4c1336057a9 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.2.C21mdk.x86_64.rpm 88e04a437b8c98bdf97c78af7c888524 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.2.C21mdk.src.rpm Mandrakelinux 9.2: 7d8071b2ab19ba89fb8ddc8b2f857ee3 9.2/RPMS/ImageMagick-5.5.7.10-7.2.92mdk.i586.rpm 67f7869416b518d4def7ae076ee06e39 9.2/RPMS/libMagick5.5.7-5.5.7.10-7.2.92mdk.i586.rpm 13d01e0ea997978bda6bbc9e7223745e 9.2/RPMS/libMagick5.5.7-devel-5.5.7.10-7.2.92mdk.i586.rpm ceef914612ea8f8b6debe257319001cd 9.2/RPMS/perl-Magick-5.5.7.10-7.2.92mdk.i586.rpm f7b8e971d13a1b7332353d291b2f774c 9.2/SRPMS/ImageMagick-5.5.7.10-7.2.92mdk.src.rpm Mandrakelinux 9.2/AMD64: e4088933c94ed867ad9fc101944a8fa6 amd64/9.2/RPMS/ImageMagick-5.5.7.10-7.2.92mdk.amd64.rpm b5ecbbb86878b3d09daf617029a383bc amd64/9.2/RPMS/lib64Magick5.5.7-5.5.7.10-7.2.92mdk.amd64.rpm ea7eb11d9bfa0ed0689316f0fa87171c amd64/9.2/RPMS/lib64Magick5.5.7-devel-5.5.7.10-7.2.92mdk.amd64.rpm 5931f9e045956d2d85a23083d20f27fd amd64/9.2/RPMS/perl-Magick-5.5.7.10-7.2.92mdk.amd64.rpm f7b8e971d13a1b7332353d291b2f774c amd64/9.2/SRPMS/ImageMagick-5.5.7.10-7.2.92mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBtRSWmqjQ0CJFipgRAvkvAKDKF8uifBWYCelxiceJovWsLxwPHgCeMn0x Xh2cjwpkAAsqZhAnfzXjuX8= =i9xH -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html