-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:261 http://www.mandriva.com/security/ _______________________________________________________________________ Package : graphicsmagick Date : August 8, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in GraphicsMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: ade6b05054eb5fdb7ee5d218bdfb713d 2009.0/i586/graphicsmagick-1.2.5-2.1mdv2009.0.i586.rpm 55a6a4b0427607c62afbd80c65c7514b 2009.0/i586/graphicsmagick-doc-1.2.5-2.1mdv2009.0.i586.rpm 52c6edba294aca9900fc693e71d4bb8f 2009.0/i586/libgraphicsmagick2-1.2.5-2.1mdv2009.0.i586.rpm d9401800dac3796c09fc53392f77d2a8 2009.0/i586/libgraphicsmagick-devel-1.2.5-2.1mdv2009.0.i586.rpm f48a7fbeca593f65735d58de976ca155 2009.0/i586/libgraphicsmagickwand1-1.2.5-2.1mdv2009.0.i586.rpm 8b773ffdfd8beefb460976a896586e73 2009.0/i586/perl-Graphics-Magick-1.2.5-2.1mdv2009.0.i586.rpm e8c48c52588f2719f4477bd588a210e5 2009.0/SRPMS/graphicsmagick-1.2.5-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f328d661822d91ea96411873510d55a1 2009.0/x86_64/graphicsmagick-1.2.5-2.1mdv2009.0.x86_64.rpm 7c39f2425fd207884b8e3f49213a3672 2009.0/x86_64/graphicsmagick-doc-1.2.5-2.1mdv2009.0.x86_64.rpm 0f91690c6f3a4112620ada0c6e80df28 2009.0/x86_64/lib64graphicsmagick2-1.2.5-2.1mdv2009.0.x86_64.rpm e98d6aa7020984f6e817a3105a30ab10 2009.0/x86_64/lib64graphicsmagick-devel-1.2.5-2.1mdv2009.0.x86_64.rpm 686314b6625518838d61ed562c89c6d5 2009.0/x86_64/lib64graphicsmagickwand1-1.2.5-2.1mdv2009.0.x86_64.rpm 870431de7df0e8dbe2a8c588f0ad3629 2009.0/x86_64/perl-Graphics-Magick-1.2.5-2.1mdv2009.0.x86_64.rpm e8c48c52588f2719f4477bd588a210e5 2009.0/SRPMS/graphicsmagick-1.2.5-2.1mdv2009.0.src.rpm Mandriva Linux 2009.1: 1693b9ca4197dbf72f94189db6f0499f 2009.1/i586/graphicsmagick-1.3.5-3.1mdv2009.1.i586.rpm e64fff1e11cc9fd784cf40a68fb83ce2 2009.1/i586/graphicsmagick-doc-1.3.5-3.1mdv2009.1.i586.rpm ace0b64ba38707177673b575d1b7fd1e 2009.1/i586/libgraphicsmagick3-1.3.5-3.1mdv2009.1.i586.rpm 9d8cbbbddbf00b31ee48e107445c2462 2009.1/i586/libgraphicsmagick-devel-1.3.5-3.1mdv2009.1.i586.rpm 99ac37adadabaf98c7720025759d915b 2009.1/i586/libgraphicsmagickwand2-1.3.5-3.1mdv2009.1.i586.rpm 97b7e9fc53aa4afcf619680dac0afcbd 2009.1/i586/perl-Graphics-Magick-1.3.5-3.1mdv2009.1.i586.rpm fd715587e7428cec0c3c23f1d4c8e661 2009.1/SRPMS/graphicsmagick-1.3.5-3.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 20dde6f65a3ebd697191211926cea2ef 2009.1/x86_64/graphicsmagick-1.3.5-3.1mdv2009.1.x86_64.rpm 319b9e53b539ad877233cda40a55b186 2009.1/x86_64/graphicsmagick-doc-1.3.5-3.1mdv2009.1.x86_64.rpm 799adaca0cacebdec02395a9b6f1bf3d 2009.1/x86_64/lib64graphicsmagick3-1.3.5-3.1mdv2009.1.x86_64.rpm 064d5996166fe1d63e8fa1eb350174eb 2009.1/x86_64/lib64graphicsmagick-devel-1.3.5-3.1mdv2009.1.x86_64.rpm 115637052c1a6b5cde336a8e3761e3d9 2009.1/x86_64/lib64graphicsmagickwand2-1.3.5-3.1mdv2009.1.x86_64.rpm 189599de476bec866496d35320e4a469 2009.1/x86_64/perl-Graphics-Magick-1.3.5-3.1mdv2009.1.x86_64.rpm fd715587e7428cec0c3c23f1d4c8e661 2009.1/SRPMS/graphicsmagick-1.3.5-3.1mdv2009.1.src.rpm Mandriva Enterprise Server 5: 5af9093aeeae64e9ff3a90a63bd50017 mes5/i586/graphicsmagick-1.2.5-2.1mdvmes5.i586.rpm fc35a1bc507a71cc90f3d569c682cd06 mes5/i586/graphicsmagick-doc-1.2.5-2.1mdvmes5.i586.rpm 43d10eadd49298810e3e37baa19f7430 mes5/i586/libgraphicsmagick2-1.2.5-2.1mdvmes5.i586.rpm 6a7c0c644593553bea55bf98c1b24cd3 mes5/i586/libgraphicsmagick-devel-1.2.5-2.1mdvmes5.i586.rpm 76704988afff3625e0814a621dd49fee mes5/i586/libgraphicsmagickwand1-1.2.5-2.1mdvmes5.i586.rpm 4dd6800e94973d4a7c255f7be2387fd2 mes5/i586/perl-Graphics-Magick-1.2.5-2.1mdvmes5.i586.rpm d0550ac4fde734f40c14e36f8f53bfde mes5/SRPMS/graphicsmagick-1.2.5-2.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 24d9d94dc4653a1b929d00014474ea6e mes5/x86_64/graphicsmagick-1.2.5-2.1mdvmes5.x86_64.rpm 6435f7e5a1020eb44e7b0c030f163b24 mes5/x86_64/graphicsmagick-doc-1.2.5-2.1mdvmes5.x86_64.rpm 007696bf76e4de0507499a1de77cba52 mes5/x86_64/lib64graphicsmagick2-1.2.5-2.1mdvmes5.x86_64.rpm dbbe2432dfd9120db55174a02bc907a2 mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.1mdvmes5.x86_64.rpm 240e28c719fdb4164614657848414e2f mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.1mdvmes5.x86_64.rpm 357feb2306b576c86d24e01de3537ee3 mes5/x86_64/perl-Graphics-Magick-1.2.5-2.1mdvmes5.x86_64.rpm d0550ac4fde734f40c14e36f8f53bfde mes5/SRPMS/graphicsmagick-1.2.5-2.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKzn4gmqjQ0CJFipgRAromAKCUnVp547cdMFX6J7zFPN7RsZaMrQCfY2/H /jdE1z3d1RDRbTdlci4D1Vo= =aNcz -----END PGP SIGNATURE-----