what you don't know can hurt you

Mandriva Linux Security Advisory 2012-165

Mandriva Linux Security Advisory 2012-165
Posted Oct 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-165 - The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-3438
MD5 | 6d6debaed053270128c6e1cb24e71089

Mandriva Linux Security Advisory 2012-165

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:165
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphicsmagick
Date : October 12, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in graphicsmagick:

The Magick_png_malloc function in coders/png.c in GraphicsMagick
6.7.8-6 does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash)
via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3438).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
367a67379d3161b66b3db37c56297eb3 2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
d3519a5408d1eeda3db286bc857a4bbb 2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
65bb6c899b011afea13e8321dd3bdd32 2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
101c43d52b1620343e1e81e3c6e3506f 2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
67f5ef6ae5acea07bca6560a5bcf2c92 2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
ee2e0fbe97ff041178d21590cc3c8153 2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm
3aa91a6951df854074305fed3cd72bc2 2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

Mandriva Linux 2011/X86_64:
a957e7a56e08336b51e79554746f14af 2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
67f2ce45766afef7b4d6077c7ce74ab3 2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
cb565440ed807e22b90c7b39b569cd7f 2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
f1e444f58c1c34e82730cc33274f9be4 2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
d905ad3b3e4721b93a1c73c03904b736 2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
59da14c146f61c83e7328ed4e47d03c5 2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm
3aa91a6951df854074305fed3cd72bc2 2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

Mandriva Enterprise Server 5:
35bee93bbe7b07c5ef40d0cdc9666780 mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
4dee9ac6d19b7e09400c76ac037e5cb3 mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
fb0efbcf6b45c99f8706a92176352da9 mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
fc5b40ab4b47d843890db033a7ac33bc mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
43a3600fdbacf3835e7c50f1a3b53013 mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
1fc18562b79267c9042d12e3803e62ba mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm
6fa01775d5e75190d2e5fae45381f840 mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
5eed0706962564085444d6ad9c257c6a mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
a1cec283ea30e3e0150b455df66aaae5 mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
23faf2af638b0b8170e4e1ec52ff796d mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
9e5200bb525b14741d2acd65e127e41e mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
5e73b553cbad16496b2e4814a4315789 mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
210e0928dbbc3d101e58d7dd93605d54 mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm
6fa01775d5e75190d2e5fae45381f840 mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQd/dAmqjQ0CJFipgRAqQnAKCdc7msYWca9F4ureZDQAS9qpFdbgCgjIsI
MioOqERuxDOczXS0BQiqvTw=
=/jcp
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    19 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close