 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:147
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ImageMagick
 Date    : July 20, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were discovered in how ImageMagick handles
 DCM and XWD image files. If a user were tricked into processing a
 specially crafted image file with an application that uses ImageMagick,
 an attacker could cause a heap-based buffer overflow and possibly
 execute arbitrary code with the user's privileges.

 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.0:
 2007.0/i586/ImageMagick-6.2.9.2-1.3mdv2007.0.i586.rpm
 2007.0/i586/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.i586.rpm
 2007.0/i586/libMagick10.4.0-6.2.9.2-1.3mdv2007.0.i586.rpm
 2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.3mdv2007.0.i586.rpm
 2007.0/i586/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.i586.rpm
 2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2007.0/x86_64/ImageMagick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.3mdv2007.0.x86_64.rpm
 2007.0/SRPMS/ImageMagick-6.2.9.2-1.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 2007.1/i586/ImageMagick-6.3.2.9-5.1mdv2007.1.i586.rpm
 2007.1/i586/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.i586.rpm
 2007.1/i586/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.i586.rpm
 2007.1/i586/libMagick10.7.0-6.3.2.9-5.1mdv2007.1.i586.rpm
 2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.1mdv2007.1.i586.rpm
 2007.1/i586/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.i586.rpm
 2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 2007.1/x86_64/ImageMagick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.1mdv2007.1.x86_64.rpm
 2007.1/SRPMS/ImageMagick-6.3.2.9-5.1mdv2007.1.src.rpm

 Corporate 3.0:
 corporate/3.0/i586/ImageMagick-5.5.7.15-6.11.C30mdk.i586.rpm
 corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.11.C30mdk.i586.rpm
 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.11.C30mdk.i586.rpm
 corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.11.C30mdk.i586.rpm
 corporate/3.0/i586/perl-Magick-5.5.7.15-6.11.C30mdk.i586.rpm
 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.11.C30mdk.x86_64.rpm
 corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.11.C30mdk.x86_64.rpm
 corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.11.C30mdk.x86_64.rpm
 corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.11.C30mdk.x86_64.rpm
 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.11.C30mdk.x86_64.rpm
 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.11.C30mdk.src.rpm

 Corporate 4.0:
 corporate/4.0/i586/ImageMagick-6.2.4.3-1.6.20060mlcs4.i586.rpm
 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.i586.rpm
 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.6.20060mlcs4.i586.rpm
 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.i586.rpm
 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.i586.rpm
 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.6.20060mlcs4.x86_64.rpm
 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
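
 One way to check a host against the fixed builds named in the package list above, as an added example that is not part of the Mandriva advisory: a simplified rpm-style version comparison applied to the ImageMagick version-release strings from that list. The function names and the sample inventory are constructed for illustration, and epoch and tilde handling are omitted.

```python
import re

# Fixed ImageMagick version-release per product, from the advisory's package list.
FIXED = {
    "2007.0": "6.2.9.2-1.3mdv2007.0",
    "2007.1": "6.3.2.9-5.1mdv2007.1",
    "Corporate 3.0": "5.5.7.15-6.11.C30mdk",
    "Corporate 4.0": "6.2.4.3-1.6.20060mlcs4",
}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 (no epoch or tilde support)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            # a numeric segment is always newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def needs_update(product, installed):
    """True if the installed build predates the advisory's fixed build."""
    return evr_cmp(installed, FIXED[product]) < 0

if __name__ == "__main__":
    # Constructed inventory. On a real host the string would come from:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' ImageMagick
    inventory = [
        ("2007.0", "6.2.9.2-1.2mdv2007.0"),
        ("2007.1", "6.3.2.9-5.1mdv2007.1"),
        ("Corporate 3.0", "5.5.7.15-6.9.C30mdk"),
    ]
    for product, evr in inventory:
        state = "NEEDS UPDATE" if needs_update(product, evr) else "ok"
        print(f"{product:14} ImageMagick-{evr:24} {state}")
```

 The Corporate 3.0 entry shows why a plain string comparison is not enough: release 6.9 sorts after 6.11 as text, but is older under rpm's segment-wise numeric comparison.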