Date: 7 Dec 2004 02:25:26 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]Subject: MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ImageMagick
Advisory ID: MDKSA-2004:143
Date: December 6th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
A vulnerability was discovered in ImageMagick where, due to a boundary
error within the EXIF parsing routine, a specially crafted graphic
image could potentially lead to the execution of arbitrary code.
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
fe92759494d57d9e1482c433c54ff869 10.0/RPMS/ImageMagick-5.5.7.15-6.2.100mdk.i586.rpm
82051cb81cfffc7b8279e1742c3880ce 10.0/RPMS/ImageMagick-doc-5.5.7.15-6.2.100mdk.i586.rpm
39e259e655fff8913df660306935125c 10.0/RPMS/libMagick5.5.7-5.5.7.15-6.2.100mdk.i586.rpm
7e410a3e45e5cdc1eb057c8fd3adfe22 10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.2.100mdk.i586.rpm
692f423d2600551d7cd84fe62e24d500 10.0/RPMS/perl-Magick-5.5.7.15-6.2.100mdk.i586.rpm
b37e69f00c2da1981d41e1bc54af9878 10.0/SRPMS/ImageMagick-5.5.7.15-6.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
6f18d320751f01ca8e9688d3cf8cccd1 amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.2.100mdk.amd64.rpm
d7d239cd8efa17b5e21107b0b92cf9f3 amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.2.100mdk.amd64.rpm
ee5bb6ae21ce8eecf2442da8ea32ffac amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.2.100mdk.amd64.rpm
894a86a229adc51026c349ff54ded4da amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.2.100mdk.amd64.rpm
986347b3262f0dd694be0cb37cec486c amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.2.100mdk.amd64.rpm
b37e69f00c2da1981d41e1bc54af9878 amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.2.100mdk.src.rpm
Mandrakelinux 10.1:
4ccc141762e2d463fd1d6090d0a2479e 10.1/RPMS/ImageMagick-6.0.4.4-5.1.101mdk.i586.rpm
41dac1ea340c626a2d4da2b744795d06 10.1/RPMS/ImageMagick-doc-6.0.4.4-5.1.101mdk.i586.rpm
b2d6559795c8ea2f585728c9cbb90b89 10.1/RPMS/libMagick6.4.0-6.0.4.4-5.1.101mdk.i586.rpm
f7d73070aa5df624aee251815dda2410 10.1/RPMS/libMagick6.4.0-devel-6.0.4.4-5.1.101mdk.i586.rpm
f44f3ea752dd71f1bcb73de523ca81f5 10.1/RPMS/perl-Magick-6.0.4.4-5.1.101mdk.i586.rpm
1936104c39b2dde2b3ae2090a17729d0 10.1/SRPMS/ImageMagick-6.0.4.4-5.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ef8444748bc2d0e77b608a9b9e636529 x86_64/10.1/RPMS/ImageMagick-6.0.4.4-5.1.101mdk.x86_64.rpm
a6f42198fa5be410d009591cd0078b09 x86_64/10.1/RPMS/ImageMagick-doc-6.0.4.4-5.1.101mdk.x86_64.rpm
e67708b273f2efc51a5a590d8d455ac3 x86_64/10.1/RPMS/lib64Magick6.4.0-6.0.4.4-5.1.101mdk.x86_64.rpm
631cadb3f879a7c6fc302ef423b60cbe x86_64/10.1/RPMS/lib64Magick6.4.0-devel-6.0.4.4-5.1.101mdk.x86_64.rpm
a3a7c6ca5b75c9517083b0363c3ae899 x86_64/10.1/RPMS/perl-Magick-6.0.4.4-5.1.101mdk.x86_64.rpm
1936104c39b2dde2b3ae2090a17729d0 x86_64/10.1/SRPMS/ImageMagick-6.0.4.4-5.1.101mdk.src.rpm
Corporate Server 2.1:
3c979ba44b8667a13273abaf1ef9fbc5 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.2.C21mdk.i586.rpm
908645c9feb865bcd2346e85f2d3cccc corporate/2.1/RPMS/libMagick5-5.4.8.3-2.2.C21mdk.i586.rpm
6817b5c307373bb5bcfd8704038ab170 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.2.C21mdk.i586.rpm
161aada567715e12e582bd20cd45d7c0 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.2.C21mdk.i586.rpm
88e04a437b8c98bdf97c78af7c888524 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
b483d3bde5a5abaf12f11b16350efc61 x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.2.C21mdk.x86_64.rpm
507d84144336030bbcb5aa9520fec9d3 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.2.C21mdk.x86_64.rpm
8e6350a79310b07245b30d4a485be26b x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.2.C21mdk.x86_64.rpm
f0707d9c21b117babf0cd4c1336057a9 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.2.C21mdk.x86_64.rpm
88e04a437b8c98bdf97c78af7c888524 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.2.C21mdk.src.rpm
Mandrakelinux 9.2:
7d8071b2ab19ba89fb8ddc8b2f857ee3 9.2/RPMS/ImageMagick-5.5.7.10-7.2.92mdk.i586.rpm
67f7869416b518d4def7ae076ee06e39 9.2/RPMS/libMagick5.5.7-5.5.7.10-7.2.92mdk.i586.rpm
13d01e0ea997978bda6bbc9e7223745e 9.2/RPMS/libMagick5.5.7-devel-5.5.7.10-7.2.92mdk.i586.rpm
ceef914612ea8f8b6debe257319001cd 9.2/RPMS/perl-Magick-5.5.7.10-7.2.92mdk.i586.rpm
f7b8e971d13a1b7332353d291b2f774c 9.2/SRPMS/ImageMagick-5.5.7.10-7.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
e4088933c94ed867ad9fc101944a8fa6 amd64/9.2/RPMS/ImageMagick-5.5.7.10-7.2.92mdk.amd64.rpm
b5ecbbb86878b3d09daf617029a383bc amd64/9.2/RPMS/lib64Magick5.5.7-5.5.7.10-7.2.92mdk.amd64.rpm
ea7eb11d9bfa0ed0689316f0fa87171c amd64/9.2/RPMS/lib64Magick5.5.7-devel-5.5.7.10-7.2.92mdk.amd64.rpm
5931f9e045956d2d85a23083d20f27fd amd64/9.2/RPMS/perl-Magick-5.5.7.10-7.2.92mdk.amd64.rpm
f7b8e971d13a1b7332353d291b2f774c amd64/9.2/SRPMS/ImageMagick-5.5.7.10-7.2.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBtRSWmqjQ0CJFipgRAvkvAKDKF8uifBWYCelxiceJovWsLxwPHgCeMn0x
Xh2cjwpkAAsqZhAnfzXjuX8=
=i9xH
-----END PGP SIGNATURE-----