Mandriva Linux Security Advisory - A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:147
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ImageMagick
Date : July 20, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in how ImageMagick handles
DCM and XWD image files. If a user were tricked into processing a
specially crafted image file with an application that uses ImageMagick,
an attacker could cause a heap-based buffer overflow and possibly
execute arbitrary code with the user's privileges.
The updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
343587ddd298b9dfb7dc6c5caecb70d0 2007.0/i586/ImageMagick-6.2.9.2-1.3mdv2007.0.i586.rpm
fcce307ef73994175a3d51137266a6af 2007.0/i586/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.i586.rpm
64bd268c6592b10f44adc22c16c8034b 2007.0/i586/libMagick10.4.0-6.2.9.2-1.3mdv2007.0.i586.rpm
83bdd365ddaebdeba93669741053d998 2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.3mdv2007.0.i586.rpm
da2075d33957e1cfd48bca48e6045366 2007.0/i586/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.i586.rpm
9475b65f0389811d6d24b4afb5d1f0f7 2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
96bdffd605ca39d1dc0a679cef1ac7fc 2007.0/x86_64/ImageMagick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
6889ad0d3b9b99744f4e3d245fa09a94 2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.x86_64.rpm
3d58aa4195fcb658853bd515103e9434 2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.3mdv2007.0.x86_64.rpm
5eddebd9cae0bf6e9aedf8542e880ae1 2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.3mdv2007.0.x86_64.rpm
290cd11e7d80cc96cf633c12aa0907ce 2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
9475b65f0389811d6d24b4afb5d1f0f7 2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
eb87e7c334209c8684a1b67445720fd7 2007.1/i586/ImageMagick-6.3.2.9-5.1mdv2007.1.i586.rpm
3ae9d9d49b46f327efbcf35967700011 2007.1/i586/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.i586.rpm
729b308b20fa3fdf18e262a4da4092d8 2007.1/i586/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.i586.rpm
174bd6a073bc802246d6e97b1995174e 2007.1/i586/libMagick10.7.0-6.3.2.9-5.1mdv2007.1.i586.rpm
ffe8d8e96f27eb2b5767f587c03d1c3f 2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.1mdv2007.1.i586.rpm
94b7c633860dca3e15f6f93b9690bc06 2007.1/i586/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.i586.rpm
8d70c1afadd634d2e3b618b14b79efbf 2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
2321dfeec60cd7aa9d10e4b2d3e95c15 2007.1/x86_64/ImageMagick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
3cab45fe3f4f5d122645de4fe1bf9c03 2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.x86_64.rpm
03b60841608c2ccb09f97befca901906 2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.x86_64.rpm
209cc68583cc4daf0fa9ebd425c94007 2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.1mdv2007.1.x86_64.rpm
edcf84ea5290d2e92ddc2e2cd1f21a03 2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.1mdv2007.1.x86_64.rpm
43ba4dd5a323036259b1b5fdecc2076b 2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
8d70c1afadd634d2e3b618b14b79efbf 2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm
Corporate 3.0:
16813a44dac74871a5db809ce9f9e002 corporate/3.0/i586/ImageMagick-5.5.7.15-6.11.C30mdk.i586.rpm
57b4e7c0600b065753442c4b5e221b20 corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.11.C30mdk.i586.rpm
0cc167ebf831e7480ae074bd16c15b75 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.11.C30mdk.i586.rpm
25f93102616d5e30e97c145f13a35726 corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.11.C30mdk.i586.rpm
60e2ad207a60aaa172f4e3d0f024c122 corporate/3.0/i586/perl-Magick-5.5.7.15-6.11.C30mdk.i586.rpm
14bc8952ce20fd3849f80b1e78f7043c corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm
Corporate 3.0/X86_64:
593bbef64a1dd8be7dff37021a504812 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.11.C30mdk.x86_64.rpm
7b9998a9e7f0f653aa57db89c27cb15b corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.11.C30mdk.x86_64.rpm
6c7492a96b986962b8f8f9f7925bde8d corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.11.C30mdk.x86_64.rpm
22f51cc5c770c95958f5e3c344748f5c corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.11.C30mdk.x86_64.rpm
aefed15ea641344181dddd4ec35752c0 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.11.C30mdk.x86_64.rpm
14bc8952ce20fd3849f80b1e78f7043c corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm
Corporate 4.0:
95973160bd68a3aed051806372901781 corporate/4.0/i586/ImageMagick-6.2.4.3-1.6.20060mlcs4.i586.rpm
abde3c8490d43ae6420d0d9956f2aee5 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.i586.rpm
b6d7c4e7eb3129d9dd7a54fb01ef8092 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.6.20060mlcs4.i586.rpm
d84c750f874a5208012029e3583cb9e4 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.i586.rpm
f675bf9dca0952142beb708f4810b9c7 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.i586.rpm
a875a3e81ed37bd88099a44f40f9cb56 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
932916789e755403722596bc6ff5db77 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
4450c7359f47f2dd7bc6792ede57a4e2 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
90666c9e1ed0ac69283ca78892f621ab corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
b55e2d4e7bea0f4f6c7ff76cb7cf5b7b corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
c2e233ddc77013d62169ea4cb4a1d56f corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
a875a3e81ed37bd88099a44f40f9cb56 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
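
The "Updated Packages" list above pairs each MD5 digest with a package path, so RPMs fetched by hand rather than through MandrivaUpdate or urpmi can be checked against it with a short script. This is an added example, not part of the Mandriva advisory; the function names, file names and digests in it are constructed for illustration. The MD5 comparison only shows that a file matches the list, and the Mandriva GPG package signature remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample in the advisory's "<md5> <path>" layout (not real packages).
GOOD = b"constructed sample package body\n"
SAMPLE_LIST = f"""Example Platform 1.0:
{hashlib.md5(GOOD).hexdigest()} example/i586/sample-good-1.0.i586.rpm
{hashlib.md5(b"other").hexdigest()} example/i586/sample-bad-1.0.i586.rpm
{"0" * 32} example/i586/sample-absent-1.0.i586.rpm
"""

ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_package_list(text):
    """Map RPM file name -> expected MD5, skipping platform headings."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        digest, path = m.groups()
        name = path.rsplit("/", 1)[-1]
        # The same SRPM is listed under several platforms; digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    """Stream the file so large RPMs are not loaded into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_directory(list_text, directory):
    """Return {file name: 'ok' | 'MISMATCH' | 'missing'} for each listed package."""
    result = {}
    for name, digest in parse_package_list(list_text).items():
        f = Path(directory) / name
        if not f.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if md5_of(f) == digest else "MISMATCH"
    return result

def demo():
    """Write two constructed files, one altered, and verify them."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "sample-good-1.0.i586.rpm").write_bytes(GOOD)
        (Path(d) / "sample-bad-1.0.i586.rpm").write_bytes(b"tampered")
        return verify_directory(SAMPLE_LIST, d)
```

To use it on real downloads, pass the advisory text and the download directory to `verify_directory` and treat any `MISMATCH` as a reason not to install the file.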
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGoSrZmqjQ0CJFipgRAtMxAJ9M8C7e4HWz1dumgv8FLsGKJVKCmwCg39ku
W9krF68ToP8F3PwDJxnUjas=
=SyYs
-----END PGP SIGNATURE-----