-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:092 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : imagemagick Date : April 9, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated imagemagick packages fix security vulnerability: The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3437). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 7fe90bbb731ad0fb0e55747124e8fd96 mbs1/x86_64/imagemagick-6.7.5.10-3.1.mbs1.x86_64.rpm cf159673fde6b441f0137b15bb510ba5 mbs1/x86_64/imagemagick-desktop-6.7.5.10-3.1.mbs1.x86_64.rpm c4ac324ad2db40dc77981f4e1da94338 mbs1/x86_64/imagemagick-doc-6.7.5.10-3.1.mbs1.noarch.rpm 16f52283a58f5b4b3abc3c56996e0347 mbs1/x86_64/lib64magick5-6.7.5.10-3.1.mbs1.x86_64.rpm 9a57af08989ab5f8f9088e23e0e95d8e mbs1/x86_64/lib64magick-devel-6.7.5.10-3.1.mbs1.x86_64.rpm 1371d8af8b006937fc280f1fda7c342a mbs1/x86_64/perl-Image-Magick-6.7.5.10-3.1.mbs1.x86_64.rpm 2734ec58b49b08b1024b8b276f2876d5 mbs1/SRPMS/imagemagick-6.7.5.10-3.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZDz3mqjQ0CJFipgRAhV3AJ0QZ1Vxwc5POmi2TDXv69CoMLtwWwCgoqP3 vTiExmbyWe83nAa2oUwJFeE= =kJtK -----END PGP SIGNATURE-----