Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in imagemagick
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in imagemagick
ID: MDKSA-2005:065
Distribution: Mandrake
Plattformen: Mandrake Corporate Server 2.1, Mandrake 10.0, Mandrake 10.1, Mandrake Corporate Server 3.0
Datum: Sa, 2. April 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0762
Applikationen: ImageMagick

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           ImageMagick
 Advisory ID:            MDKSA-2005:065
 Date:                   April 1st, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A format string vulnerability was discovered in ImageMagick, in the
 way it handles filenames.  An attacker could execute arbitrary code on
 a victim's machine provided they could trick them into opening a file
 with a special name (CAN-2005-0397).
 
 As well, Andrei Nigmatulin discovered a heap-based buffer overflow in
 ImageMagick's image handler.  An attacker could create a special
 PhotoShop Document (PSD) image file in such a way that it would cause
 ImageMagick to execute arbitray code when processing the image
 (CAN-2005-0005).
 
 Other vulnerabilities were discovered in ImageMagick versions prior
 to 6.0:
 
 A bug in the way that ImageMagick handles TIFF tags was discovered.
 It was possible that a TIFF image with an invalid tag could cause
 ImageMagick to crash (CAN-2005-0759).
 
 A bug in ImageMagick's TIFF decoder was discovered where a specially-
 crafted TIFF image could cause ImageMagick to crash (CAN-2005-0760).
 
 A bug in ImageMagick's PSD parsing was discovered where a specially-
 crafted PSD file could cause ImageMagick to crash (CAN-2005-0761).
 
 Finally, a heap overflow bug was discovered in ImageMagick's SGI
 parser.  If an attacker could trick a user into opening a specially-
 crafted SGI image file, ImageMagick would execute arbitrary code
 (CAN-2005-0762).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0759
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0760
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0761
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0762
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6934bcdb04a00c9e8bf278310a4d97a1 
 10.0/RPMS/ImageMagick-5.5.7.15-6.3.100mdk.i586.rpm
 3a0baa10203d9cd7f29693d70c422411 
 10.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.100mdk.i586.rpm
 cc4466005fcefc66302e76c380fd3d29 
 10.0/RPMS/libMagick5.5.7-5.5.7.15-6.3.100mdk.i586.rpm
 4dab1d0e359b30def19dd027e2c9cecc 
 10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.3.100mdk.i586.rpm
 79b4999b37e80b82d3e31ad26db7b90b 
 10.0/RPMS/perl-Magick-5.5.7.15-6.3.100mdk.i586.rpm
 2ddc8dbc59fd26cdf0654f7393e63acc 
 10.0/SRPMS/ImageMagick-5.5.7.15-6.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 19999eddbba540b711d8286cc63aab13 
 amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.3.100mdk.amd64.rpm
 d6cc1e5d60cfc7f3e635e3a19cfa39c2 
 amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.100mdk.amd64.rpm
 2d51f1395c4b5bd61b8d2b9e04b8c32e 
 amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.3.100mdk.amd64.rpm
 4efb0e3ea5ce48723af60c27755a8c1e 
 amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk.amd64.rpm
 3063415e823fdba9077d33fdc80d5812 
 amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.3.100mdk.amd64.rpm
 2ddc8dbc59fd26cdf0654f7393e63acc 
 amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 9f484abe4c4a273f02e75b326cd75703 
 10.1/RPMS/ImageMagick-6.0.4.4-5.2.101mdk.i586.rpm
 02f61f0204678e5fbe93bf798650ae30 
 10.1/RPMS/ImageMagick-doc-6.0.4.4-5.2.101mdk.i586.rpm
 0956e5b16ef8cb9f0679a0e18c6db2b5 
 10.1/RPMS/libMagick6.4.0-6.0.4.4-5.2.101mdk.i586.rpm
 1d88ee2ab0452d6bfb30998bd3d5b783 
 10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.2.101mdk.i586.rpm
 3e4e9b98225c454b3cc7679cce543efa 
 10.1/RPMS/perl-Magick-6.0.4.4-5.2.101mdk.i586.rpm
 dcf46d41f345b3cfb35f720191ffee95 
 10.1/SRPMS/ImageMagick-6.0.4.4-5.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 2b233a0f81ffa51aa04cdb2692a9326f 
 x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.2.101mdk.x86_64.rpm
 4970da03098334fb083755bf67939360 
 x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.2.101mdk.x86_64.rpm
 e83077f3d38232432aa8641dd94ad804 
 x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.2.101mdk.x86_64.rpm
 db849fd4641def869876a614a24a2ec2 
 x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.2.101mdk.x86_64.rpm
 12d68cdf7e347606bf9bb70ba6051ce3 
 x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.2.101mdk.x86_64.rpm
 dcf46d41f345b3cfb35f720191ffee95 
 x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.2.101mdk.src.rpm

 Corporate Server 2.1:
 b5790a7e928f01d6711cfd29e60df9eb 
 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.3.C21mdk.i586.rpm
 12fc1f15675a34018601246dbf48efd1 
 corporate/2.1/RPMS/libMagick5-5.4.8.3-2.3.C21mdk.i586.rpm
 e70caf4a6f3f7bc68771c78d8322bbfb 
 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.3.C21mdk.i586.rpm
 514c24bde5b0a9b9f7e9e00c3b29f10e 
 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.3.C21mdk.i586.rpm
 2e58703fa9039f43f477738dfca60b50 
 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b67fb79755ceddb46e334f1633dd7aae 
 x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.3.C21mdk.x86_64.rpm
 f5e945a29810bcc32ac1eca995071fb5 
 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.3.C21mdk.x86_64.rpm
 80f7085bc6e4b2e0f2ce329d4fbd84a1 
 x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.3.C21mdk.x86_64.rpm
 62013e17a37016ed6d1399873315aeb0 
 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.3.C21mdk.x86_64.rpm
 2e58703fa9039f43f477738dfca60b50 
 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.3.C21mdk.src.rpm

 Corporate 3.0:
 2b6b1cf0015a34fa11ca7705a699510e 
 corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.3.C30mdk.i586.rpm
 561ce007678557f825ebff37b1428412 
 corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.C30mdk.i586.rpm
 53d43d1df6bdf4165f4e6f91ce7d0db2 
 corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.3.C30mdk.i586.rpm
 c87ac116fb584684a767b98f6afa3075 
 corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.3.C30mdk.i586.rpm
 f167bc2e68e9c0dd50d5194b0eb4a94c 
 corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.3.C30mdk.i586.rpm
 b28bb96208961dba1afe76667d993051 
 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 74b8532afa8187eff8a8a2bdf954c638 
 x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.3.C30mdk.x86_64.rpm
 637c470bfcba18f87d7e4f64a261fde4 
 x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.3.C30mdk.x86_64.rpm
 6d182fc7976de33b1cd9a5a293ebe81e 
 x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.3.C30mdk.x86_64.rpm
 feecb9d9b44fb683e0daf6701ea9cf7e 
 x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.3.C30mdk.x86_64.rpm
 919e98e64fe436674016a48142ab0ebd 
 x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.3.C30mdk.x86_64.rpm
 b28bb96208961dba1afe76667d993051 
 x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCTdv2mqjQ0CJFipgRAiM4AJwPLN5VVyzb0K+oqRjhQFaHz1A7OQCfb1oe
rQ2s+t18T6JY8YYKYcp6DZo=
=eQJV
-----END PGP SIGNATURE-----


____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung