Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in GraphicsMagick
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in GraphicsMagick
ID: MDVSA-2012:165
Distribution: Mandriva
Plattformen: Mandriva Enterprise Server 5.0, Mandriva 2011
Datum: Sa, 13. Oktober 2012, 00:02
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
Applikationen: GraphicsMagick

Originalnachricht

This is a multi-part message in MIME format...

------------=_1350050981-4618-328

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:165
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphicsmagick
Date : October 12, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in graphicsmagick:

The Magick_png_malloc function in coders/png.c in GraphicsMagick
6.7.8-6 does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash)
via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3438).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
367a67379d3161b66b3db37c56297eb3
2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
d3519a5408d1eeda3db286bc857a4bbb
2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
65bb6c899b011afea13e8321dd3bdd32
2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
101c43d52b1620343e1e81e3c6e3506f
2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
67f5ef6ae5acea07bca6560a5bcf2c92
2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
ee2e0fbe97ff041178d21590cc3c8153
2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm
3aa91a6951df854074305fed3cd72bc2 2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

Mandriva Linux 2011/X86_64:
a957e7a56e08336b51e79554746f14af
2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
67f2ce45766afef7b4d6077c7ce74ab3
2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
cb565440ed807e22b90c7b39b569cd7f
2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
f1e444f58c1c34e82730cc33274f9be4
2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
d905ad3b3e4721b93a1c73c03904b736
2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
59da14c146f61c83e7328ed4e47d03c5
2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm
3aa91a6951df854074305fed3cd72bc2 2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

Mandriva Enterprise Server 5:
35bee93bbe7b07c5ef40d0cdc9666780
mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
4dee9ac6d19b7e09400c76ac037e5cb3
mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
fb0efbcf6b45c99f8706a92176352da9
mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
fc5b40ab4b47d843890db033a7ac33bc
mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
43a3600fdbacf3835e7c50f1a3b53013
mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
1fc18562b79267c9042d12e3803e62ba
mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm
6fa01775d5e75190d2e5fae45381f840
mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
5eed0706962564085444d6ad9c257c6a
mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
a1cec283ea30e3e0150b455df66aaae5
mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
23faf2af638b0b8170e4e1ec52ff796d
mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
9e5200bb525b14741d2acd65e127e41e
mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
5e73b553cbad16496b2e4814a4315789
mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
210e0928dbbc3d101e58d7dd93605d54
mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm
6fa01775d5e75190d2e5fae45381f840
mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQd/dAmqjQ0CJFipgRAqQnAKCdc7msYWca9F4ureZDQAS9qpFdbgCgjIsI
MioOqERuxDOczXS0BQiqvTw=
=/jcp
-----END PGP SIGNATURE-----


------------=_1350050981-4618-328
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1350050981-4618-328--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung