LinuxSecurity.com
Mandriva: 2012:165: graphicsmagick
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:165
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : graphicsmagick
 Date    : October 12, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in graphicsmagick:
 
 The Magick_png_malloc function in coders/png.c in GraphicsMagick
 6.7.8-6 does not use the proper variable type for the allocation size,
 which might allow remote attackers to cause a denial of service (crash)
 via a crafted PNG file that triggers incorrect memory allocation
 (CVE-2012-3438).
 
 The updated packages have been patched to correct this issue.
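
 The bug class described above, shown as an added illustration (not
 GraphicsMagick source and not part of the Mandriva advisory): an allocation
 callback whose size parameter is narrower than the size its caller computes
 under-allocates without any error. All function names, the 256 MiB ceiling
 and the image dimensions are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names are hypothetical; this models the bug class, not GraphicsMagick code. */
#define MAX_ALLOC ((uint64_t)256 * 1024 * 1024)  /* assumed policy ceiling */

/* Bytes for one image row. With 8-bit channel and sample counts the
   product stays below 2^48, so the 64-bit result cannot wrap. */
uint64_t row_bytes(uint32_t width, uint8_t channels, uint8_t bytes_per_sample)
{
    return (uint64_t)width * channels * bytes_per_sample;
}

/* Flawed callback: the size parameter is narrower than what callers compute. */
void *alloc_narrow(uint32_t size) { return malloc(size); }

/* The value the flawed callback receives after the implicit conversion. */
uint32_t size_seen_by_narrow(uint64_t requested) { return (uint32_t)requested; }

/* Corrected callback: full-width parameter and an explicit upper bound. */
void *alloc_checked(uint64_t size)
{
    if (size == 0 || size > MAX_ALLOC)
        return NULL;               /* refuse instead of under-allocating */
    return malloc((size_t)size);
}

int main(void)
{
    /* Constructed header values: a very wide 4-channel, 8-bit image. */
    uint64_t need = row_bytes(0x40000001u, 4, 1);
    void *p = alloc_narrow(need);   /* size silently truncated at the call */
    void *q = alloc_checked(need);  /* oversized request is rejected */

    printf("requested %llu bytes, narrow callback sees %u, checked returns %s\n",
           (unsigned long long)need, (unsigned)size_seen_by_narrow(need),
           q ? "a buffer" : "NULL");
    free(p);
    free(q);
    return 0;
}
```

 The caller of the narrow callback believes it holds the full row buffer, so
 later writes run past the few bytes actually allocated; the checked variant
 turns the same input into a clean allocation failure.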
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 367a67379d3161b66b3db37c56297eb3  2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
 d3519a5408d1eeda3db286bc857a4bbb  2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
 65bb6c899b011afea13e8321dd3bdd32  2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
 101c43d52b1620343e1e81e3c6e3506f  2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
 67f5ef6ae5acea07bca6560a5bcf2c92  2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
 ee2e0fbe97ff041178d21590cc3c8153  2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm 
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

 Mandriva Linux 2011/X86_64:
 a957e7a56e08336b51e79554746f14af  2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
 67f2ce45766afef7b4d6077c7ce74ab3  2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
 cb565440ed807e22b90c7b39b569cd7f  2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
 f1e444f58c1c34e82730cc33274f9be4  2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
 d905ad3b3e4721b93a1c73c03904b736  2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
 59da14c146f61c83e7328ed4e47d03c5  2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm 
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

 Mandriva Enterprise Server 5:
 35bee93bbe7b07c5ef40d0cdc9666780  mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
 4dee9ac6d19b7e09400c76ac037e5cb3  mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
 fb0efbcf6b45c99f8706a92176352da9  mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
 fc5b40ab4b47d843890db033a7ac33bc  mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
 43a3600fdbacf3835e7c50f1a3b53013  mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
 1fc18562b79267c9042d12e3803e62ba  mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm 
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5eed0706962564085444d6ad9c257c6a  mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
 a1cec283ea30e3e0150b455df66aaae5  mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
 23faf2af638b0b8170e4e1ec52ff796d  mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
 9e5200bb525b14741d2acd65e127e41e  mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
 5e73b553cbad16496b2e4814a4315789  mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
 210e0928dbbc3d101e58d7dd93605d54  mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm 
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 