Mandriva Linux Security Advisory 2007.147

Posted Jul 23, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1667, CVE-2007-1797
SHA-256 | e750eae12797936836380b41923827acf218aeba3377097f5eef5a05078aed28


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:147
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ImageMagick
Date : July 20, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A number of vulnerabilities were discovered in how ImageMagick handles
DCM and XWD image files. If a user were tricked into processing a
specially crafted image file with an application that uses ImageMagick,
an attacker could cause a heap-based buffer overflow and possibly
execute arbitrary code with the user's privileges.

The updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
343587ddd298b9dfb7dc6c5caecb70d0 2007.0/i586/ImageMagick-6.2.9.2-1.3mdv2007.0.i586.rpm
fcce307ef73994175a3d51137266a6af 2007.0/i586/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.i586.rpm
64bd268c6592b10f44adc22c16c8034b 2007.0/i586/libMagick10.4.0-6.2.9.2-1.3mdv2007.0.i586.rpm
83bdd365ddaebdeba93669741053d998 2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.3mdv2007.0.i586.rpm
da2075d33957e1cfd48bca48e6045366 2007.0/i586/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.i586.rpm
9475b65f0389811d6d24b4afb5d1f0f7 2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
96bdffd605ca39d1dc0a679cef1ac7fc 2007.0/x86_64/ImageMagick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
6889ad0d3b9b99744f4e3d245fa09a94 2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.x86_64.rpm
3d58aa4195fcb658853bd515103e9434 2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.3mdv2007.0.x86_64.rpm
5eddebd9cae0bf6e9aedf8542e880ae1 2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.3mdv2007.0.x86_64.rpm
290cd11e7d80cc96cf633c12aa0907ce 2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
9475b65f0389811d6d24b4afb5d1f0f7 2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
eb87e7c334209c8684a1b67445720fd7 2007.1/i586/ImageMagick-6.3.2.9-5.1mdv2007.1.i586.rpm
3ae9d9d49b46f327efbcf35967700011 2007.1/i586/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.i586.rpm
729b308b20fa3fdf18e262a4da4092d8 2007.1/i586/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.i586.rpm
174bd6a073bc802246d6e97b1995174e 2007.1/i586/libMagick10.7.0-6.3.2.9-5.1mdv2007.1.i586.rpm
ffe8d8e96f27eb2b5767f587c03d1c3f 2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.1mdv2007.1.i586.rpm
94b7c633860dca3e15f6f93b9690bc06 2007.1/i586/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.i586.rpm
8d70c1afadd634d2e3b618b14b79efbf 2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
2321dfeec60cd7aa9d10e4b2d3e95c15 2007.1/x86_64/ImageMagick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
3cab45fe3f4f5d122645de4fe1bf9c03 2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.x86_64.rpm
03b60841608c2ccb09f97befca901906 2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.x86_64.rpm
209cc68583cc4daf0fa9ebd425c94007 2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.1mdv2007.1.x86_64.rpm
edcf84ea5290d2e92ddc2e2cd1f21a03 2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.1mdv2007.1.x86_64.rpm
43ba4dd5a323036259b1b5fdecc2076b 2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
8d70c1afadd634d2e3b618b14b79efbf 2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm

Corporate 3.0:
16813a44dac74871a5db809ce9f9e002 corporate/3.0/i586/ImageMagick-5.5.7.15-6.11.C30mdk.i586.rpm
57b4e7c0600b065753442c4b5e221b20 corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.11.C30mdk.i586.rpm
0cc167ebf831e7480ae074bd16c15b75 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.11.C30mdk.i586.rpm
25f93102616d5e30e97c145f13a35726 corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.11.C30mdk.i586.rpm
60e2ad207a60aaa172f4e3d0f024c122 corporate/3.0/i586/perl-Magick-5.5.7.15-6.11.C30mdk.i586.rpm
14bc8952ce20fd3849f80b1e78f7043c corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm

Corporate 3.0/X86_64:
593bbef64a1dd8be7dff37021a504812 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.11.C30mdk.x86_64.rpm
7b9998a9e7f0f653aa57db89c27cb15b corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.11.C30mdk.x86_64.rpm
6c7492a96b986962b8f8f9f7925bde8d corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.11.C30mdk.x86_64.rpm
22f51cc5c770c95958f5e3c344748f5c corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.11.C30mdk.x86_64.rpm
aefed15ea641344181dddd4ec35752c0 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.11.C30mdk.x86_64.rpm
14bc8952ce20fd3849f80b1e78f7043c corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm

Corporate 4.0:
95973160bd68a3aed051806372901781 corporate/4.0/i586/ImageMagick-6.2.4.3-1.6.20060mlcs4.i586.rpm
abde3c8490d43ae6420d0d9956f2aee5 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.i586.rpm
b6d7c4e7eb3129d9dd7a54fb01ef8092 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.6.20060mlcs4.i586.rpm
d84c750f874a5208012029e3583cb9e4 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.i586.rpm
f675bf9dca0952142beb708f4810b9c7 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.i586.rpm
a875a3e81ed37bd88099a44f40f9cb56 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
932916789e755403722596bc6ff5db77 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
4450c7359f47f2dd7bc6792ede57a4e2 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
90666c9e1ed0ac69283ca78892f621ab corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
b55e2d4e7bea0f4f6c7ff76cb7cf5b7b corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
c2e233ddc77013d62169ea4cb4a1d56f corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
a875a3e81ed37bd88099a44f40f9cb56 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGoSrZmqjQ0CJFipgRAtMxAJ9M8C7e4HWz1dumgv8FLsGKJVKCmwCg39ku
W9krF68ToP8F3PwDJxnUjas=
=SyYs
-----END PGP SIGNATURE-----
