-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:260 http://www.mandriva.com/security/ _______________________________________________________________________ Package : imagemagick Date : August 8, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 000d32ef4c7a210f723bb8abca2369a1 2008.1/i586/imagemagick-6.3.8.9-1.1mdv2008.1.i586.rpm 3bb088effcf1578730669f7090715a79 2008.1/i586/imagemagick-desktop-6.3.8.9-1.1mdv2008.1.i586.rpm 31eb071ed1805064709079f359bdccd1 2008.1/i586/imagemagick-doc-6.3.8.9-1.1mdv2008.1.i586.rpm 6201b7e4a52ef6c7835ca0002d33dade 2008.1/i586/libmagick1-6.3.8.9-1.1mdv2008.1.i586.rpm ac1d144fb0f3b1b9c2f728b6c1fa7d38 2008.1/i586/libmagick-devel-6.3.8.9-1.1mdv2008.1.i586.rpm 98a34a50e775d92bb88d41e01beed2c8 2008.1/i586/perl-Image-Magick-6.3.8.9-1.1mdv2008.1.i586.rpm 8dc8984568f0e766616f2b1a8d6ffb3f 2008.1/SRPMS/imagemagick-6.3.8.9-1.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 568ecc8b6e1d1927f8193daf92a6d822 2008.1/x86_64/imagemagick-6.3.8.9-1.1mdv2008.1.x86_64.rpm 46f7fb348d6b11c30e2f53c7b65552cf 2008.1/x86_64/imagemagick-desktop-6.3.8.9-1.1mdv2008.1.x86_64.rpm 4d5a62dff9b657c5ad24103adf5534fe 2008.1/x86_64/imagemagick-doc-6.3.8.9-1.1mdv2008.1.x86_64.rpm 1db6951bf26fb55b071ce965db0936c5 2008.1/x86_64/lib64magick1-6.3.8.9-1.1mdv2008.1.x86_64.rpm 3d9cf389175542631f558677b23d6b9e 2008.1/x86_64/lib64magick-devel-6.3.8.9-1.1mdv2008.1.x86_64.rpm 6aa6c28c70a270a5bfa3f18e33e0db0f 2008.1/x86_64/perl-Image-Magick-6.3.8.9-1.1mdv2008.1.x86_64.rpm 8dc8984568f0e766616f2b1a8d6ffb3f 2008.1/SRPMS/imagemagick-6.3.8.9-1.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 5864e9f2d4a68acf190615abd5f46f7e 2009.0/i586/imagemagick-6.4.2.10-5.1mdv2009.0.i586.rpm a16e207372431f6087ca52339eeed188 2009.0/i586/imagemagick-desktop-6.4.2.10-5.1mdv2009.0.i586.rpm 8eb2185217957bcb40b83a79d579a76e 2009.0/i586/imagemagick-doc-6.4.2.10-5.1mdv2009.0.i586.rpm d922a7bb2f34cff1e646a9e8006d1ba8 2009.0/i586/libmagick1-6.4.2.10-5.1mdv2009.0.i586.rpm 6b5e5feef320022373fef83699daff57 2009.0/i586/libmagick-devel-6.4.2.10-5.1mdv2009.0.i586.rpm c6829d7f1f6d2822ee1eff9f8d864ae8 2009.0/i586/perl-Image-Magick-6.4.2.10-5.1mdv2009.0.i586.rpm 64160117ddae7e1b63afe0ad2501c03f 2009.0/SRPMS/imagemagick-6.4.2.10-5.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 752d78e34f8af293dbc256ccce753537 2009.0/x86_64/imagemagick-6.4.2.10-5.1mdv2009.0.x86_64.rpm f9bf9850b50914e6df3ffed1f8134aef 2009.0/x86_64/imagemagick-desktop-6.4.2.10-5.1mdv2009.0.x86_64.rpm a23f78e65f43a72a96f9e2b3e02c128f 2009.0/x86_64/imagemagick-doc-6.4.2.10-5.1mdv2009.0.x86_64.rpm 6a5c32996c31efa050af82ebc6bf4d69 2009.0/x86_64/lib64magick1-6.4.2.10-5.1mdv2009.0.x86_64.rpm 6b0e93615ac03d283db4a51ad29ed21f 2009.0/x86_64/lib64magick-devel-6.4.2.10-5.1mdv2009.0.x86_64.rpm 1af2852fd61de493222f0bcf2d6577cb 2009.0/x86_64/perl-Image-Magick-6.4.2.10-5.1mdv2009.0.x86_64.rpm 64160117ddae7e1b63afe0ad2501c03f 2009.0/SRPMS/imagemagick-6.4.2.10-5.1mdv2009.0.src.rpm Mandriva Linux 2009.1: f2593b7f31dcb185746313e65aff44f7 2009.1/i586/imagemagick-6.5.0.2-1.1mdv2009.1.i586.rpm e988e6b818ed5c02bd7a5ff148417b00 2009.1/i586/imagemagick-desktop-6.5.0.2-1.1mdv2009.1.i586.rpm 6d236c544e26afed4ef50e47686d872e 2009.1/i586/imagemagick-doc-6.5.0.2-1.1mdv2009.1.i586.rpm ddfdcefc6e06b96af42465299babbf10 2009.1/i586/libmagick2-6.5.0.2-1.1mdv2009.1.i586.rpm 40770452d4b337bfe1f10748edf709dc 2009.1/i586/libmagick-devel-6.5.0.2-1.1mdv2009.1.i586.rpm b00fc21d70701d23202007369d33ae06 2009.1/i586/perl-Image-Magick-6.5.0.2-1.1mdv2009.1.i586.rpm 4059b2a924977c1fd32957f0f795dc47 2009.1/SRPMS/imagemagick-6.5.0.2-1.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: d7fdb4d090e6eb3d597a03d91b595022 2009.1/x86_64/imagemagick-6.5.0.2-1.1mdv2009.1.x86_64.rpm 9843947fcb53123bca7c8102c5aaef86 2009.1/x86_64/imagemagick-desktop-6.5.0.2-1.1mdv2009.1.x86_64.rpm 9cc98f238a7f91e46e000c6b0bcfa28a 2009.1/x86_64/imagemagick-doc-6.5.0.2-1.1mdv2009.1.x86_64.rpm 83b07458a85288b2bbeac339bf498157 2009.1/x86_64/lib64magick2-6.5.0.2-1.1mdv2009.1.x86_64.rpm 52cd08d348b044831a9c01b614f3a3d2 2009.1/x86_64/lib64magick-devel-6.5.0.2-1.1mdv2009.1.x86_64.rpm 1faa5bb19ef4b7452a4fd0feab51b4a4 2009.1/x86_64/perl-Image-Magick-6.5.0.2-1.1mdv2009.1.x86_64.rpm 4059b2a924977c1fd32957f0f795dc47 2009.1/SRPMS/imagemagick-6.5.0.2-1.1mdv2009.1.src.rpm Corporate 3.0: 645ec451082e58239f0489a3fab44238 corporate/3.0/i586/ImageMagick-5.5.7.15-6.13.C30mdk.i586.rpm 8310e2514914d4e7d344ba74b7f919a3 corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.13.C30mdk.i586.rpm 3012207a86e1f5610aba7f3109e19cd7 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.13.C30mdk.i586.rpm 76b19c2f7536f1cb2e06c542540aa9af corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.13.C30mdk.i586.rpm f06f03723173bc820fe53efe43ab8c97 corporate/3.0/i586/perl-Magick-5.5.7.15-6.13.C30mdk.i586.rpm ea14d890c45ca09b19c48f88ba50c133 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.13.C30mdk.src.rpm Corporate 3.0/X86_64: 496d83839bfeb45fcbf39e5c1918b9b3 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.3.100mdk.x86_64.rpm ea4fd434431ddceadd32c5ccc87b58ce corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.3.100mdk.x86_64.rpm 8c941260c67e4aab1a3ce8373485281d corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.3.100mdk.x86_64.rpm b41e2a5118973a036efdcac43324cf81 corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk.x86_64.rpm 746b63d1b815ffb216c7d934c6054426 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.3.100mdk.x86_64.rpm ea14d890c45ca09b19c48f88ba50c133 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.13.C30mdk.src.rpm Corporate 4.0: 66c83e2b4c0a89aa486fe5eb3ea27afe corporate/4.0/i586/ImageMagick-6.2.4.3-1.9.20060mlcs4.i586.rpm b1886a35f1a2a2129a6501275b678b71 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.9.20060mlcs4.i586.rpm 2847cd7464510d150178b4463aac5c80 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.9.20060mlcs4.i586.rpm 629bb7b26373844d677d2499bf154f66 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.9.20060mlcs4.i586.rpm d05ef57b7fbbbfe5b982c09fab10ede2 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.9.20060mlcs4.i586.rpm ad99ab7db500fd2afb62120088cc4d28 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.9.20060mlcs4.src.rpm Corporate 4.0/X86_64: 69517bf25c2493f61b603aa58bf5b171 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.9.20060mlcs4.x86_64.rpm bc9bdd25c5ee2900f9f5beac206f698f corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.9.20060mlcs4.x86_64.rpm 3f6e510d8cfa8b8e718ccac2aaab3a60 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.9.20060mlcs4.x86_64.rpm 87ca291036ffb59c08611042c99ea83c corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.9.20060mlcs4.x86_64.rpm 63bcd120edab25c9c947c43e7dc9bfcd corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.9.20060mlcs4.x86_64.rpm ad99ab7db500fd2afb62120088cc4d28 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.9.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 1a37840782a8ae1bab37f50b81fc0134 mes5/i586/imagemagick-6.4.2.10-5.1mdvmes5.i586.rpm 22e54f467f3d46666271a581a9a96e88 mes5/i586/imagemagick-desktop-6.4.2.10-5.1mdvmes5.i586.rpm 5e9c329e028cc589d963af48d4102910 mes5/i586/imagemagick-doc-6.4.2.10-5.1mdvmes5.i586.rpm 06e75470dc9554fd589e11ff6eacc1ae mes5/i586/libmagick1-6.4.2.10-5.1mdvmes5.i586.rpm 354edabae7e2b0e2dea687111137ef62 mes5/i586/libmagick-devel-6.4.2.10-5.1mdvmes5.i586.rpm 69f0d7c697752df502404ce598ce8601 mes5/i586/perl-Image-Magick-6.4.2.10-5.1mdvmes5.i586.rpm 7514326c9caa396cf19303c9c3fe8bb2 mes5/SRPMS/imagemagick-6.4.2.10-5.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: f4626dafbdabba314cb91035476f8d6a mes5/x86_64/imagemagick-6.4.2.10-5.1mdvmes5.x86_64.rpm bf3b2922a0da494815d1d9e5d43f68f7 mes5/x86_64/imagemagick-desktop-6.4.2.10-5.1mdvmes5.x86_64.rpm 7f4e33fc5398d302d408ed8ac9476bf8 mes5/x86_64/imagemagick-doc-6.4.2.10-5.1mdvmes5.x86_64.rpm 283844cc3e0be95dfc5b90d10225d3d4 mes5/x86_64/lib64magick1-6.4.2.10-5.1mdvmes5.x86_64.rpm a6eb1b319874c2080f8b1759d280ee65 mes5/x86_64/lib64magick-devel-6.4.2.10-5.1mdvmes5.x86_64.rpm 04ccec2c19e2f9aedd4fed4df3b4e934 mes5/x86_64/perl-Image-Magick-6.4.2.10-5.1mdvmes5.x86_64.rpm 7514326c9caa396cf19303c9c3fe8bb2 mes5/SRPMS/imagemagick-6.4.2.10-5.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKzn36mqjQ0CJFipgRAm1oAJ4/rmywtwmIUNsUAL6JwlHTXMkUFgCg2jZ2 z3CtOJKMPXSkoU0jFrEETgU= =CJdS -----END PGP SIGNATURE-----