Jump to content

Updated ImageMagick packages fix vulnerabilities


mystified
 Share

Recommended Posts

Package name ImageMagick

Date September 22nd, 2004

Advisory ID MDKSA-2004:102

Affected versions 9.2, 10.0, CS2.1

Synopsis Updated ImageMagick packages fix arbitray code execution vulnerabilities

 

 

Problem Description

 

Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious images that could also allow for the execution of arbitray code with the privileges of the invoking user or process.

 

The updated packages provided are patched to correct these problems.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 

abbbed347fae9483f334737d1b9a1bbd 9.2/RPMS/ImageMagick-5.5.7.10-7.1.92mdk.i586.rpm

0de435dfd5a8ed03dc553bd5250a917d 9.2/RPMS/libMagick5.5.7-5.5.7.10-7.1.92mdk.i586.rpm

080f77b2b43fbfaad76ec90031e4f267 9.2/RPMS/libMagick5.5.7-devel-5.5.7.10-7.1.92mdk.i586.rpm

ffe89c240ee427f7059ea00a106bcb2b 9.2/RPMS/perl-Magick-5.5.7.10-7.1.92mdk.i586.rpm

0d11ea3ef8787c2b04f5b65ed3ccdbde 9.2/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

 

Mandrakelinux 9.2/AMD64

 

d0f05cf8b87697c22e4a745cfd7b619d amd64/9.2/RPMS/ImageMagick-5.5.7.10-7.1.92mdk.amd64.rpm

5fd03959e72c269e8c3bb946f808b08d amd64/9.2/RPMS/lib64Magick5.5.7-5.5.7.10-7.1.92mdk.amd64.rpm

1e579e8b745e89336d354602165511f5 amd64/9.2/RPMS/lib64Magick5.5.7-devel-5.5.7.10-7.1.92mdk.amd64.rpm

0d51cb15a1ea7ba74981a40722477118 amd64/9.2/RPMS/perl-Magick-5.5.7.10-7.1.92mdk.amd64.rpm

0d11ea3ef8787c2b04f5b65ed3ccdbde amd64/9.2/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

 

Mandrakelinux 10.0

 

e0d33be5141bfa0b6d013e22204419dd 10.0/RPMS/ImageMagick-5.5.7.15-6.1.100mdk.i586.rpm

826f4b832385039c1835dfd546e51e5d 10.0/RPMS/ImageMagick-doc-5.5.7.15-6.1.100mdk.i586.rpm

9499f47a8af648b0f96c620590d8e2f8 10.0/RPMS/libMagick5.5.7-5.5.7.15-6.1.100mdk.i586.rpm

3e4a3b0039d0d5f78064f0ba4c8c5388 10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.1.100mdk.i586.rpm

b741e8cecbbd13bd15a54a396e59b914 10.0/RPMS/perl-Magick-5.5.7.15-6.1.100mdk.i586.rpm

0d11ea3ef8787c2b04f5b65ed3ccdbde 10.0/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

 

Mandrakelinux 10.0/AMD64

 

58ca93e0ef1c1e1d749a3047e292ee3c amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.1.100mdk.amd64.rpm

8b60b43ba1fa7283799960c24804d3f9 amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.1.100mdk.amd64.rpm

464bd971bfd44076dfe29e59875b2bb4 amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.1.100mdk.amd64.rpm

17dd5dad3d9d5de56f88cdae6aadb14c amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.1.100mdk.amd64.rpm

9d68bca88077c35abc41ec456b4a9526 amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.1.100mdk.amd64.rpm

0d11ea3ef8787c2b04f5b65ed3ccdbde amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

 

Corporate Server 2.1

 

6d439c325ad66f229149a0a4cb34d9d3 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.1.C21mdk.i586.rpm

05f2891d63884af9bbab27b857a97cd9 corporate/2.1/RPMS/libMagick5-5.4.8.3-2.1.C21mdk.i586.rpm

e7ed78117793fb6694c472405937d737 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.1.C21mdk.i586.rpm

45b737c64a896eebddaf83691b995479 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.1.C21mdk.i586.rpm

6b931bb88f72a454a38f5ac45d6474c3 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.1.C21mdk.src.rpm

 

Corporate Server 2.1/X86_64

 

8bf02e24638562da3db142666e60182c x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.1.C21mdk.x86_64.rpm

052c5e5f275cb21ce37bd7d6334d12d1 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.1.C21mdk.x86_64.rpm

984fdf326480ee7470c5f98b24baf07e x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.1.C21mdk.x86_64.rpm

8c16b6f7a2098b1aa03b74b2ea184922 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.1.C21mdk.x86_64.rpm

6b931bb88f72a454a38f5ac45d6474c3 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.1.C21mdk.src.rpm

 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of

Link to comment
Share on other sites

 Share

×
×
  • Create New...