Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2012:165

Nom du paquet: graphicsmagick
Date: 2012-10-12
Advisory ID: MDVSA-2012:165
Affected versions: MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

A vulnerability has been found and corrected in graphicsmagick:

The Magick_png_malloc function in coders/png.c in GraphicsMagick
6.7.8-6 does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash)
via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3438).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 35bee93bbe7b07c5ef40d0cdc9666780  mes5/i586/graphicsmagick-1.2.5-2.3mdvmes5.2.i586.rpm
 4dee9ac6d19b7e09400c76ac037e5cb3  mes5/i586/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.i586.rpm
 fb0efbcf6b45c99f8706a92176352da9  mes5/i586/libgraphicsmagick2-1.2.5-2.3mdvmes5.2.i586.rpm
 fc5b40ab4b47d843890db033a7ac33bc  mes5/i586/libgraphicsmagick-devel-1.2.5-2.3mdvmes5.2.i586.rpm
 43a3600fdbacf3835e7c50f1a3b53013  mes5/i586/libgraphicsmagickwand1-1.2.5-2.3mdvmes5.2.i586.rpm
 1fc18562b79267c9042d12e3803e62ba  mes5/i586/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.i586.rpm 
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

2011 i586

 367a67379d3161b66b3db37c56297eb3  2011/i586/graphicsmagick-1.3.12-4.3-mdv2011.0.i586.rpm
 d3519a5408d1eeda3db286bc857a4bbb  2011/i586/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.i586.rpm
 65bb6c899b011afea13e8321dd3bdd32  2011/i586/libgraphicsmagick3-1.3.12-4.3-mdv2011.0.i586.rpm
 101c43d52b1620343e1e81e3c6e3506f  2011/i586/libgraphicsmagick-devel-1.3.12-4.3-mdv2011.0.i586.rpm
 67f5ef6ae5acea07bca6560a5bcf2c92  2011/i586/libgraphicsmagickwand2-1.3.12-4.3-mdv2011.0.i586.rpm
 ee2e0fbe97ff041178d21590cc3c8153  2011/i586/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.i586.rpm 
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

MES5 x86_64

 5eed0706962564085444d6ad9c257c6a  mes5/x86_64/graphicsmagick-1.2.5-2.3mdvmes5.2.x86_64.rpm
 a1cec283ea30e3e0150b455df66aaae5  mes5/x86_64/graphicsmagick-doc-1.2.5-2.3mdvmes5.2.x86_64.rpm
 23faf2af638b0b8170e4e1ec52ff796d  mes5/x86_64/lib64graphicsmagick2-1.2.5-2.3mdvmes5.2.x86_64.rpm
 9e5200bb525b14741d2acd65e127e41e  mes5/x86_64/lib64graphicsmagick-devel-1.2.5-2.3mdvmes5.2.x86_64.rpm
 5e73b553cbad16496b2e4814a4315789  mes5/x86_64/lib64graphicsmagickwand1-1.2.5-2.3mdvmes5.2.x86_64.rpm
 210e0928dbbc3d101e58d7dd93605d54  mes5/x86_64/perl-Graphics-Magick-1.2.5-2.3mdvmes5.2.x86_64.rpm 
 6fa01775d5e75190d2e5fae45381f840  mes5/SRPMS/graphicsmagick-1.2.5-2.3mdvmes5.2.src.rpm

2011 x86_64

 a957e7a56e08336b51e79554746f14af  2011/x86_64/graphicsmagick-1.3.12-4.3-mdv2011.0.x86_64.rpm
 67f2ce45766afef7b4d6077c7ce74ab3  2011/x86_64/graphicsmagick-doc-1.3.12-4.3-mdv2011.0.x86_64.rpm
 cb565440ed807e22b90c7b39b569cd7f  2011/x86_64/lib64graphicsmagick3-1.3.12-4.3-mdv2011.0.x86_64.rpm
 f1e444f58c1c34e82730cc33274f9be4  2011/x86_64/lib64graphicsmagick-devel-1.3.12-4.3-mdv2011.0.x86_64.rpm
 d905ad3b3e4721b93a1c73c03904b736  2011/x86_64/lib64graphicsmagickwand2-1.3.12-4.3-mdv2011.0.x86_64.rpm
 59da14c146f61c83e7328ed4e47d03c5  2011/x86_64/perl-Graphics-Magick-1.3.12-4.3-mdv2011.0.x86_64.rpm 
 3aa91a6951df854074305fed3cd72bc2  2011/SRPMS/graphicsmagick-1.3.12-4.3.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438