Mageia alert MGASA-2012-0243 (imagemagick) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0243: imagemagick-6.6.6.10-5.3.mga1
 (1/core), imagemagick-6.7.5.10-2.1.mga2 (2/core) 
Date:
    	       Mon, 27 Aug 2012 00:17:56 +0200
Message-ID:
    	       <20120826221756.GA14852@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0243
Date: 	August 27th, 2012
Affected releases: 	1, 2


Description:
Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6
and earlier does not use the proper variable type for the allocation
size, which might allow remote attackers to cause a denial of service
(crash) via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3437).


Updated Packages:
Mageia 1:
imagemagick-6.6.6.10-5.3.mga1
imagemagick-desktop-6.6.6.10-5.3.mga1
imagemagick-doc-6.6.6.10-5.3.mga1
lib(64)magick4-6.6.6.10-5.3.mga1
lib(64)magick-devel-6.6.6.10-5.3.mga1
perl-Image-Magick-6.6.6.10-5.3.mga1

Mageia 2:
imagemagick-6.7.5.10-2.1.mga2
imagemagick-desktop-6.7.5.10-2.1.mga2
imagemagick-doc-6.7.5.10-2.1.mga2
lib(64)magick5-6.7.5.10-2.1.mga2
lib(64)magick-devel-6.7.5.10-2.1.mga2
perl-Image-Magick-6.7.5.10-2.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/
https://bugs.mageia.org/show_bug.cgi?id=7148
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)