MDKSA-2004:102 - Updated ImageMagick packages fix arbitray code execution vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ImageMagick
Advisory ID: MDKSA-2004:102
Date: September 22nd, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Several buffer overflow vulnerabilities in ImageMagick were discovered
by Marcus Meissner from SUSE. These vulnerabilities would allow an
attacker to create a malicious image or video file in AVI, BMP, or DIB
formats which could crash the reading process. It may be possible to
create malicious images that could also allow for the execution of
arbitray code with the privileges of the invoking user or process.
The updated packages provided are patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0827
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
e0d33be5141bfa0b6d013e22204419dd
10.0/RPMS/ImageMagick-5.5.7.15-6.1.100mdk.i586.rpm
826f4b832385039c1835dfd546e51e5d
10.0/RPMS/ImageMagick-doc-5.5.7.15-6.1.100mdk.i586.rpm
9499f47a8af648b0f96c620590d8e2f8
10.0/RPMS/libMagick5.5.7-5.5.7.15-6.1.100mdk.i586.rpm
3e4a3b0039d0d5f78064f0ba4c8c5388
10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.1.100mdk.i586.rpm
b741e8cecbbd13bd15a54a396e59b914
10.0/RPMS/perl-Magick-5.5.7.15-6.1.100mdk.i586.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde
10.0/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
58ca93e0ef1c1e1d749a3047e292ee3c
amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.1.100mdk.amd64.rpm
8b60b43ba1fa7283799960c24804d3f9
amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.1.100mdk.amd64.rpm
464bd971bfd44076dfe29e59875b2bb4
amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.1.100mdk.amd64.rpm
17dd5dad3d9d5de56f88cdae6aadb14c
amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.1.100mdk.amd64.rpm
9d68bca88077c35abc41ec456b4a9526
amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.1.100mdk.amd64.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde
amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm
Corporate Server 2.1:
6d439c325ad66f229149a0a4cb34d9d3
corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.1.C21mdk.i586.rpm
05f2891d63884af9bbab27b857a97cd9
corporate/2.1/RPMS/libMagick5-5.4.8.3-2.1.C21mdk.i586.rpm
e7ed78117793fb6694c472405937d737
corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.1.C21mdk.i586.rpm
45b737c64a896eebddaf83691b995479
corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.1.C21mdk.i586.rpm
6b931bb88f72a454a38f5ac45d6474c3
corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
8bf02e24638562da3db142666e60182c
x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.1.C21mdk.x86_64.rpm
052c5e5f275cb21ce37bd7d6334d12d1
x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.1.C21mdk.x86_64.rpm
984fdf326480ee7470c5f98b24baf07e
x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.1.C21mdk.x86_64.rpm
8c16b6f7a2098b1aa03b74b2ea184922
x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.1.C21mdk.x86_64.rpm
6b931bb88f72a454a38f5ac45d6474c3
x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.1.C21mdk.src.rpm
Mandrakelinux 9.2:
abbbed347fae9483f334737d1b9a1bbd
9.2/RPMS/ImageMagick-5.5.7.10-7.1.92mdk.i586.rpm
0de435dfd5a8ed03dc553bd5250a917d
9.2/RPMS/libMagick5.5.7-5.5.7.10-7.1.92mdk.i586.rpm
080f77b2b43fbfaad76ec90031e4f267
9.2/RPMS/libMagick5.5.7-devel-5.5.7.10-7.1.92mdk.i586.rpm
ffe89c240ee427f7059ea00a106bcb2b
9.2/RPMS/perl-Magick-5.5.7.10-7.1.92mdk.i586.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde
9.2/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm
Mandrakelinux 9.2/AMD64:
d0f05cf8b87697c22e4a745cfd7b619d
amd64/9.2/RPMS/ImageMagick-5.5.7.10-7.1.92mdk.amd64.rpm
5fd03959e72c269e8c3bb946f808b08d
amd64/9.2/RPMS/lib64Magick5.5.7-5.5.7.10-7.1.92mdk.amd64.rpm
1e579e8b745e89336d354602165511f5
amd64/9.2/RPMS/lib64Magick5.5.7-devel-5.5.7.10-7.1.92mdk.amd64.rpm
0d51cb15a1ea7ba74981a40722477118
amd64/9.2/RPMS/perl-Magick-5.5.7.10-7.1.92mdk.amd64.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde
amd64/9.2/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBUfCrmqjQ0CJFipgRAlaOAJ90flh/uUKae/g/JMa6z/wb8IEOzACg9l9j
4orjN6fbRO5eKAL2xRMYuuI=
=dxxd
-----END PGP SIGNATURE-----