[Full-disclosure] [ MDVSA-2009:261 ] graphicsmagick




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:261
http://www.mandriva.com/security/
_______________________________________________________________________

Package : graphicsmagick
Date : August 8, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

An integer overflow has been found and corrected in the XMakeImage
function in magick/xwindow.c in GraphicsMagick. It allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted TIFF file, which triggers a buffer
overflow (CVE-2009-1882).

This update fixes this vulnerability.
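
The bug class described above (an image buffer size computed from file-supplied dimensions wrapping around), shown as an added illustration; this is not GraphicsMagick's code, and the function names, the constructed dimensions and the 256 MiB cap are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Policy cap on one image buffer (an assumption of this example). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is evaluated in 32 bits and wraps modulo
   2^32, so oversized dimensions can produce a small "size". */
uint32_t size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * bpp * height;
}

/* Checked pattern: divide before multiplying so no step can wrap.
   Returns the byte count, or 0 if the geometry is empty or too large. */
size_t size_checked(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t row;
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    if (width > MAX_IMAGE_BYTES / bpp)
        return 0;
    row = (size_t)width * bpp;
    if (height > MAX_IMAGE_BYTES / row)
        return 0;
    return row * height;
}

/* Allocate a zeroed pixel buffer only for geometry that passed the check. */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n = size_checked(width, height, bpp);
    return n ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed dimensions: 65536 x 16385 at 4 bytes per pixel needs
       2^32 + 2^18 bytes, which wraps to 2^18 in 32-bit arithmetic. */
    uint32_t w = 65536u, h = 16385u, bpp = 4u;
    printf("unchecked: %u bytes\n", (unsigned)size_unchecked(w, h, bpp));
    printf("checked:   %zu bytes (0 = rejected)\n", size_checked(w, h, bpp));
    printf("640x480:   %zu bytes\n", size_checked(640u, 480u, 4u));
    return 0;
}
```

A buffer allocated from the wrapped value holds a single row, while the code that fills it still iterates over the full height; that mismatch is the buffer overflow.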
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1882
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
ade6b05054eb5fdb7ee5d218bdfb713d 2009.0/i586/graphicsmagick-1.2.5-2.1mdv2009.0.i586.rpm
55a6a4b0427607c62afbd80c65c7514b 2009.0/i586/graphicsmagick-doc-1.2.5-2.1mdv2009.0.i586.rpm
52c6edba294aca9900fc693e71d4bb8f 2009.0/i586/libgraphicsmagick2-1.2.5-2.1mdv2009.0.i586.rpm
d9401800dac3796c09fc53392f77d2a8 2009.0/i586/libgraphicsmagick-devel-1.2.5-2.1mdv2009.0.i586.rpm
f48a7fbeca593f65735d58de976ca155 2009.0/i586/libgraphicsmagickwand1-1.2.5-2.1mdv2009.0.i586.rpm
8b773ffdfd8beefb460976a896586e73 2009.0/i586/perl-Graphics-Magick-1.2.5-2.1mdv2009.0.i586.rpm
e8c48c52588f2719f4477bd588a210e5 2009.0/SRPMS/graphicsmagick-1.2.5-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
f328d661822d91ea96411873510d55a1 2009.0/x86_64/graphicsmagick-1.2.5-2.1mdv2009.0.x86_64.rpm
7c39f2425fd207884b8e3f49213a3672 2009.0/x86_64/graphicsmagick-doc-1.2.5-2.1mdv2009.0.x86_64.rpm
0f91690c6f3a4112620ada0c6e80df28 2009.0/x86_64/lib64graphicsmagick2-1.2.5-2.1mdv2009.0.x86_64.rpm
e98d6aa7020984f6e817a3105a30ab10 2009.0/x86_64/lib64graphicsmagick-devel-1.2.5-2.1mdv2009.0.x86_64.rpm
686314b6625518838d61ed562c89c6d5 2009.0/x86_64/lib64graphicsmagickwand1-1.2.5-2.1mdv2009.0.x86_64.rpm
870431de7df0e8dbe2a8c588f0ad3629 2009.0/x86_64/perl-Graphics-Magick-1.2.5-2.1mdv2009.0.x86_64.rpm
e8c48c52588f2719f4477bd588a210e5 2009.0/SRPMS/graphicsmagick-1.2.5-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
1693b9ca4197dbf72f94189db6f0499f 2009.1/i586/graphicsmagick-1.3.5-3.1mdv2009.1.i586.rpm
e64fff1e11cc9fd784cf40a68fb83ce2 2009.1/i586/graphicsmagick-doc-1.3.5-3.1mdv2009.1.i586.rpm
ace0b64ba38707177673b575d1b7fd1e 2009.1/i586/libgraphicsmagick3-1.3.5-3.1mdv2009.1.i586.rpm
9d8cbbbddbf00b31ee48e107445c2462 2009.1/i586/libgraphicsmagick-devel-1.3.5-3.1mdv2009.1.i586.rpm
99ac37adadabaf98c7720025759d915b 2009.1/i586/libgraphicsmagickwand2-1.3.5-3.1mdv2009.1.i586.rpm
97b7e9fc53aa4afcf619680dac0afcbd 2009.1/i586/perl-Graphics-Magick-1.3.5-3.1mdv2009.1.i586.rpm
fd715587e7428cec0c3c23f1d4c8e661 2009.1/SRPMS/graphicsmagick-1.3.5-3.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
20dde6f65a3ebd697191211926cea2ef 2009.1/x86_64/graphicsmagick-1.3.5-3.1mdv2009.1.x86_64.rpm
319b9e53b539ad877233cda40a55b186 2009.1/x86_64/graphicsmagick-doc-1.3.5-3.1mdv2009.1.x86_64.rpm
799adaca0cacebdec02395a9b6f1bf3d 2009.1/x86_64/lib64graphicsmagick3-1.3.5-3.1mdv2009.1.x86_64.rpm
064d5996166fe1d63e8fa1eb350174eb 2009.1/x86_64/lib64graphicsmagick-devel-1.3.5-3.1mdv2009.1.x86_64.rpm
115637052c1a6b5cde336a8e3761e3d9 2009.1/x86_64/lib64graphicsmagickwand2-1.3.5-3.1mdv2009.1.x86_64.rpm
189599de476bec866496d35320e4a469 2009.1/x86_64/perl-Graphics-Magick-1.3.5-3.1mdv2009.1.x86_64.rpm
fd715587e7428cec0c3c23f1d4c8e661 2009.1/SRPMS/graphicsmagick-1.3.5-3.1mdv2009.1.src.rpm

Mandriva Enterprise Server 5:
5af9093aeeae64e9ff3a90a63bd50017 mes5/i586/graphicsmagick-1.2.5-2.1mdvmes5.i586.rpm
fc35a1bc507a71cc90f3d569c682cd06 mes5/i586/graphicsmagick-doc-1.2.5-2.1mdvmes5.i586.rpm
43d10eadd49298810e3e37baa19f7430 mes5/i586/libgraphicsmagick2-1.2.5-2.1mdvmes5.i586.rpm
6a7c0c644593553bea55bf98c1b24cd3 mes5/i586/libgraphicsmagick-devel-1.2.5-2.1mdvmes5.i586.rpm
76704988afff3625e0814a621dd49fee mes5/i586/libgraphicsmagickwand1-1.2.5-2.1mdvmes5.i586.rpm
4dd6800e94973d4a7c255f7be2387fd2 mes5/i586/perl-Graphics-Magick-1.2.5-2.1mdvmes5.i586.rpm
d0550ac4fde734f40c14e36f8f53bfde mes5/SRPMS/graphicsmagick-1.2.5-2.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
24d9d94dc4653a1b929d00014474ea6e mes5/x86_64/graphicsmagick-1.2.5-2.1mdvmes5.x86_64.rpm
6435f7e5a1020eb44e7b0c030f163b24 mes5/x86_64/graphicsmagick-doc-1.2.5-2.1mdvmes5.x86_64.rpm
007696bf76e4de0507499a1de77cba52 mes5/x86_64/lib64graphicsmagick2-1.2.5-2.1mdvmes5.x86_64.rpm
dbbe2432dfd9120db55174a02bc907a2 mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.1mdvmes5.x86_64.rpm
240e28c719fdb4164614657848414e2f mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.1mdvmes5.x86_64.rpm
357feb2306b576c86d24e01de3537ee3 mes5/x86_64/perl-Graphics-Magick-1.2.5-2.1mdvmes5.x86_64.rpm
d0550ac4fde734f40c14e36f8f53bfde mes5/SRPMS/graphicsmagick-1.2.5-2.1mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKzn4gmqjQ0CJFipgRAromAKCUnVp547cdMFX6J7zFPN7RsZaMrQCfY2/H
/jdE1z3d1RDRbTdlci4D1Vo=
=aNcz
-----END PGP SIGNATURE-----
