-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:165
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : graphicsmagick
 Date    : October 12, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in graphicsmagick:

 The Magick_png_malloc function in coders/png.c in GraphicsMagick
 6.7.8-6 does not use the proper variable type for the allocation
 size, which might allow remote attackers to cause a denial of service
 (crash) via a crafted PNG file that triggers incorrect memory
 allocation (CVE-2012-3438).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 367a67379d3161b66b3db37c56297eb3  2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
 d3519a5408d1eeda3db286bc857a4bbb  2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
 65bb6c899b011afea13e8321dd3bdd32  2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
 101c43d52b1620343e1e81e3c6e3506f  2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
 67f5ef6ae5acea07bca6560a5bcf2c92  2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
 ee2e0fbe97ff041178d21590cc3c8153  2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

 Mandriva Linux 2011/X86_64:
 a957e7a56e08336b51e79554746f14af  2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
 67f2ce45766afef7b4d6077c7ce74ab3  2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
 cb565440ed807e22b90c7b39b569cd7f  2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
 f1e444f58c1c34e82730cc33274f9be4  2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
 d905ad3b3e4721b93a1c73c03904b736  2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
 59da14c146f61c83e7328ed4e47d03c5  2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

 Mandriva Enterprise Server 5:
 35bee93bbe7b07c5ef40d0cdc9666780  mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
 4dee9ac6d19b7e09400c76ac037e5cb3  mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
 fb0efbcf6b45c99f8706a92176352da9  mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
 fc5b40ab4b47d843890db033a7ac33bc  mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
 43a3600fdbacf3835e7c50f1a3b53013  mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
 1fc18562b79267c9042d12e3803e62ba  mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5eed0706962564085444d6ad9c257c6a  mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
 a1cec283ea30e3e0150b455df66aaae5  mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
 23faf2af638b0b8170e4e1ec52ff796d  mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
 9e5200bb525b14741d2acd65e127e41e  mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
 5e73b553cbad16496b2e4814a4315789  mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
 210e0928dbbc3d101e58d7dd93605d54  mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.
 The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQd/dAmqjQ0CJFipgRAqQnAKCdc7msYWca9F4ureZDQAS9qpFdbgCgjIsI
MioOqERuxDOczXS0BQiqvTw=
=/jcp
-----END PGP SIGNATURE-----
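
Added illustration, not part of the Mandriva advisory and not GraphicsMagick source code: the bug class named in the Problem Description (an allocation callback whose size parameter has the wrong type), shown beside a corrected form. It assumes the mismatch is a size parameter narrower than the caller's size type; the function names, the 64 MiB cap and the sample request are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for a single decoder allocation (hypothetical value). */
#define MAX_DECODER_ALLOC ((size_t)64 * 1024 * 1024)

/* "Before": the callback declares its size as 32 bits, so a wider request
 * from the caller is narrowed before malloc() ever sees it. */
static void *alloc_narrow(uint32_t size, size_t *granted)
{
    *granted = size;
    return malloc(size ? size : 1);
}

/* "After": the parameter uses the allocator's own size type, and requests
 * that are empty or above the cap are refused instead of served short. */
static void *alloc_checked(size_t size, size_t *granted)
{
    void *p = NULL;
    *granted = 0;
    if (size != 0 && size <= MAX_DECODER_ALLOC && (p = malloc(size)) != NULL)
        *granted = size;
    return p;
}

/* Bytes that actually back a request of `want` bytes under each callback. */
size_t granted_narrow(uint64_t want)
{
    size_t got;
    free(alloc_narrow((uint32_t)want, &got)); /* the narrowing, made explicit */
    return got;
}

size_t granted_checked(uint64_t want)
{
    size_t got = 0;
    if (want <= SIZE_MAX)
        free(alloc_checked((size_t)want, &got));
    return got;
}

int main(void)
{
    uint64_t want = 0x100000010ULL; /* constructed request: 4 GiB + 16 bytes */
    printf("narrow : %zu bytes granted\n", granted_narrow(want));
    printf("checked: %zu bytes granted\n", granted_checked(want));
    return 0;
}
```

With the narrow callback the caller receives a valid pointer to far less memory than it asked for, which is what turns a crafted size field into a crash; the checked callback returns NULL so the decoder can fail cleanly.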