Advisories
Mandriva Advisories
|
 |
| Problem Description |
A heap-based buffer overflow was found in the way that ImageMagick
parses PNM files. If an attacker can trick a victim into opening
a specially crafted PNM file, the attacker could execute arbitrary
code on the victim's machine (CAN-2005-1275).
As well, a Denial of Service vulnerability was found in the way
that ImageMagick parses XWD files. If a user or program executed
ImageMagick to process a malicious XWD file, ImageMagick will enter
info an infinite loop causing a DoS (CAN-2005-1739).
The updated packages have been patched to fix these issues.
| Updated Packages |
Mandrakelinux 10.1
7204ab3971632313f7ae847da62af4c5 10.1/RPMS/ImageMagick-6.0.4.4-5.3.101mdk.i586.rpm bff95b521ea8c8e2a159495c25e51efc 10.1/RPMS/ImageMagick-doc-6.0.4.4-5.3.101mdk.i586.rpm d65c0c50a3d40ceac62bae4fe0088ecb 10.1/RPMS/libMagick6.4.0-6.0.4.4-5.3.101mdk.i586.rpm 878c21b19aa7afebdaa779b9b3ef71d3 10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.3.101mdk.i586.rpm 5c5fc0b42c710313e8e6d42628ab70b5 10.1/RPMS/perl-Magick-6.0.4.4-5.3.101mdk.i586.rpm d68f51a677e771ae20b4ff91d1792773 10.1/SRPMS/ImageMagick-6.0.4.4-5.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
798ffe25847a9c9e0cc3592c9eb01860 x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.3.101mdk.x86_64.rpm ef92b2e22fa6ac4c9d39b84412d1f115 x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.3.101mdk.x86_64.rpm e5653abbf08119cabba8535b6aa988d9 x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.3.101mdk.x86_64.rpm c364fae31c3dd29641bda09bccf283fe x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.3.101mdk.x86_64.rpm 0a65d39ff4b976c45ace888f62c6a73e x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.3.101mdk.x86_64.rpm d68f51a677e771ae20b4ff91d1792773 x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.3.101mdk.src.rpm
Corporate Server 2.1
404ebb17078c3f09a86217afdb958407 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.4.C21mdk.i586.rpm 7aec358404c3c43708bd171f93abda6a corporate/2.1/RPMS/libMagick5-5.4.8.3-2.4.C21mdk.i586.rpm d89eef776bb0709fb7834aa2caa9df83 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.4.C21mdk.i586.rpm b2d796af8410f867f3f02f16b977e646 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.4.C21mdk.i586.rpm fc428f61f00a13dab91a583bf7c037b1 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64
24db2c7377eeecfcb6bff42835a5408e x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.4.C21mdk.x86_64.rpm aa24822cb61e3013cc231e9b32b7c239 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.4.C21mdk.x86_64.rpm 7b7086a467ee0b3ef2db9158b37026c8 x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.4.C21mdk.x86_64.rpm ebfffce996bf42b1def96109449da752 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.4.C21mdk.x86_64.rpm fc428f61f00a13dab91a583bf7c037b1 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.4.C21mdk.src.rpm
Corporate Server 3.0
7c8ac61f65fb056784da754055f29e98 corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.4.C30mdk.i586.rpm 4c353e45b5b324533149042836076e0a corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.4.C30mdk.i586.rpm 1f4a50bf076d4eb0c09130f5e1fb663b corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.4.C30mdk.i586.rpm 56c938c54a8e032a72f38bbdbfce0c6b corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.4.C30mdk.i586.rpm 1a7ef96b56e35e9afbe2b33a02e2eeba corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.4.C30mdk.i586.rpm 478a29a256c3418fe826746f761f9dd0 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.4.C30mdk.src.rpm
Corporate Server 3.0/X86_64
cb784d42be12ece05ad872a45da61e3d x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.4.C30mdk.x86_64.rpm 076932dfe4a0975c14f7f6027ed650dd x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.4.C30mdk.x86_64.rpm 4ee3b5ffb7aa2496e1ad6448d23e48db x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.4.C30mdk.x86_64.rpm eb7d4c0aa93e759890c906fe3a89f43c x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.4.C30mdk.x86_64.rpm a20da02a6fd0d101ff7166c836f5da91 x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.4.C30mdk.x86_64.rpm 478a29a256c3418fe826746f761f9dd0 x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.4.C30mdk.src.rpm
Mandriva Linux LE2005
9a9011f107558829fcb232fd85d556dc 10.2/RPMS/ImageMagick-6.2.0.3-8.1.102mdk.i586.rpm 47c28aa693bd83166100451b958dd3b8 10.2/RPMS/ImageMagick-doc-6.2.0.3-8.1.102mdk.i586.rpm d0844c92f73aef8e29a12e2cc8c3d946 10.2/RPMS/libMagick8.0.2-6.2.0.3-8.1.102mdk.i586.rpm 5c7640c27cea8164a42d5f3048c4aac3 10.2/RPMS/libMagick8.0.2-devel-6.2.0.3-8.1.102mdk.i586.rpm eecc10db3e0633056039b7e3b6c0269b 10.2/RPMS/perl-Image-Magick-6.2.0.3-8.1.102mdk.i586.rpm a0107084465ecdd25a967bc865282c8e 10.2/SRPMS/ImageMagick-6.2.0.3-8.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
6b7cc28d1fdb66d0eda4206f2b47deff x86_64/10.2/RPMS/ImageMagick-6.2.0.3-8.1.102mdk.x86_64.rpm 6864d0102bfb382d997c0325a80ba199 x86_64/10.2/RPMS/ImageMagick-doc-6.2.0.3-8.1.102mdk.x86_64.rpm 5efd08cab8bbb20c4fb736f01d11aab0 x86_64/10.2/RPMS/lib64Magick8.0.2-6.2.0.3-8.1.102mdk.x86_64.rpm 408fd0dd00b46295a7aff30dc5271c43 x86_64/10.2/RPMS/lib64Magick8.0.2-devel-6.2.0.3-8.1.102mdk.x86_64.rpm d6d790e26c405512a1ab7000cbb8ea02 x86_64/10.2/RPMS/perl-Image-Magick-6.2.0.3-8.1.102mdk.x86_64.rpm a0107084465ecdd25a967bc865282c8e x86_64/10.2/SRPMS/ImageMagick-6.2.0.3-8.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1739
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.