drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in ImageMagick
Name: |
Denial of Service in ImageMagick |
|
ID: |
MDVSA-2013:092 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Business Server 1.0 |
|
Datum: |
Di, 9. April 2013, 22:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243 |
|
Applikationen: |
ImageMagick |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1365534548-2161-341
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:092 http://www.mandriva.com/en/support/security/ _______________________________________________________________________
Package : imagemagick Date : April 9, 2013 Affected: Business Server 1.0 _______________________________________________________________________
Problem Description:
Updated imagemagick packages fix security vulnerability: The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3437). _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243 _______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64: 7fe90bbb731ad0fb0e55747124e8fd96 mbs1/x86_64/imagemagick-6.7.5.10-3.1.mbs1.x86_64.rpm cf159673fde6b441f0137b15bb510ba5 mbs1/x86_64/imagemagick-desktop-6.7.5.10-3.1.mbs1.x86_64.rpm c4ac324ad2db40dc77981f4e1da94338 mbs1/x86_64/imagemagick-doc-6.7.5.10-3.1.mbs1.noarch.rpm 16f52283a58f5b4b3abc3c56996e0347 mbs1/x86_64/lib64magick5-6.7.5.10-3.1.mbs1.x86_64.rpm 9a57af08989ab5f8f9088e23e0e95d8e mbs1/x86_64/lib64magick-devel-6.7.5.10-3.1.mbs1.x86_64.rpm 1371d8af8b006937fc280f1fda7c342a mbs1/x86_64/perl-Image-Magick-6.7.5.10-3.1.mbs1.x86_64.rpm 2734ec58b49b08b1024b8b276f2876d5 mbs1/SRPMS/imagemagick-6.7.5.10-3.1.mbs1.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZDz3mqjQ0CJFipgRAhV3AJ0QZ1Vxwc5POmi2TDXv69CoMLtwWwCgoqP3 vTiExmbyWe83nAa2oUwJFeE= =kJtK -----END PGP SIGNATURE-----
------------=_1365534548-2161-341 Content-Type: text/plain; charset="UTF-8"; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://store.mandriva.com _______________________________________________________
------------=_1365534548-2161-341--
|
|
|
|