-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:223 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ImageMagick Date : December 1, 2006 Affected: 2006.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5868 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: df62dd8449b08426a4188d5959b3f823 2006.0/i586/ImageMagick-6.2.4.3-1.4.20060mdk.i586.rpm e87bbddff33171aae89d1d08400907a7 2006.0/i586/ImageMagick-doc-6.2.4.3-1.4.20060mdk.i586.rpm 8755d8beabe9a85f3e7a07b73d071c59 2006.0/i586/libMagick8.4.2-6.2.4.3-1.4.20060mdk.i586.rpm 2b6ae5e3b4c8e187e095442e7dcd5c24 2006.0/i586/libMagick8.4.2-devel-6.2.4.3-1.4.20060mdk.i586.rpm d7e61aa5943b52eb374b0a2e44232e93 2006.0/i586/perl-Image-Magick-6.2.4.3-1.4.20060mdk.i586.rpm e5875ef8dd63237d5c7c74a441b123fc 2006.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 973d1bb7026248e93c9f1a16eba0cfaf 2006.0/x86_64/ImageMagick-6.2.4.3-1.4.20060mdk.x86_64.rpm ca759633ecf8ef52b1c34f55d5a3af6d 2006.0/x86_64/ImageMagick-doc-6.2.4.3-1.4.20060mdk.x86_64.rpm f65de07d50364a3c861f50ce6f11fee4 2006.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.4.20060mdk.x86_64.rpm c9e86c379bdfeb36e25bfd34e094b921 2006.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mdk.x86_64.rpm 9d58fe1606d8f1f0f6a225df3ac58b48 2006.0/x86_64/perl-Image-Magick-6.2.4.3-1.4.20060mdk.x86_64.rpm e5875ef8dd63237d5c7c74a441b123fc 2006.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mdk.src.rpm Corporate 3.0: fc15d48d236f0d1f738c795190081ddd corporate/3.0/i586/ImageMagick-5.5.7.15-6.9.C30mdk.i586.rpm 3ba801afddeb42759aebd891971b5fce corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.9.C30mdk.i586.rpm 35c8a337172b91501486381be4e0aa7d corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.9.C30mdk.i586.rpm 3273f233005c79adf0602ade443de675 corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.9.C30mdk.i586.rpm 8dfce9d9e00005e990c1203c1144ac34 corporate/3.0/i586/perl-Magick-5.5.7.15-6.9.C30mdk.i586.rpm 3cf9bff07102ada97373a66c5f4c6e05 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.9.C30mdk.src.rpm Corporate 3.0/X86_64: 0f8193fed5ac7b344398b9e99fe5bccb corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.9.C30mdk.x86_64.rpm bdae28be1bcacf4f5bc6d9bdfa589cbd corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.9.C30mdk.x86_64.rpm fa4a5fe3e447770c33ef0596da8570fb corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.9.C30mdk.x86_64.rpm 8af081adcd750d5edec44bf1e85e5c7d corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.9.C30mdk.x86_64.rpm e238642447217ade5a772c4b12b492b3 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.9.C30mdk.x86_64.rpm 3cf9bff07102ada97373a66c5f4c6e05 corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.9.C30mdk.src.rpm Corporate 4.0: dde2f028a95732f3d5fd5bfd48ede727 corporate/4.0/i586/ImageMagick-6.2.4.3-1.4.20060mlcs4.i586.rpm 6affed772cabdc8e8eb6e6ed96efb178 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.4.20060mlcs4.i586.rpm 426d44c76834a660ea48c09719048de2 corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.4.20060mlcs4.i586.rpm 4cc0f80f0bbfdbc1c26a497f14e2dd0d corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.4.20060mlcs4.i586.rpm 9deab133788e00cf6487a057042c3ae0 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.4.20060mlcs4.i586.rpm 0b75266159c73fcb8a0f7027d208bee2 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 283a0751148b3468bd3e2281d819f08d corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.4.20060mlcs4.x86_64.rpm 48ee2e7835b97a89e27342c3a27db913 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.4.20060mlcs4.x86_64.rpm fad038ed56f886f4656302721a616578 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.4.20060mlcs4.x86_64.rpm 17b7841d6459f0a52662f43d16f09771 corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.4.20060mlcs4.x86_64.rpm dbcfd793204ead891cbf779c1075287e corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.4.20060mlcs4.x86_64.rpm 0b75266159c73fcb8a0f7027d208bee2 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.4.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFcJi1mqjQ0CJFipgRAoCvAJ9sJwsy6KmxvLwFtEyFiCoLvVHIaACgj+2v kI0mULDMWX7ydgtZ+bArC40= =m55O -----END PGP SIGNATURE-----