Package name: ImageMagick
Date: August 29th, 2006
Advisory ID: MDKSA-2006:155
Affected versions: CS3.0, 2006.0

Problem Description

Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted
attackers to execute arbitrary code via crafted XCF images. (CVE-2006-3743)

Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted
attackers to execute arbitrary code via crafted Sun bitmap images that trigger
heap-based buffer overflows. (CVE-2006-3744)

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before
6.2.9 allows user-assisted attackers to cause a denial of service (crash)
and possibly execute arbitrary code via large (1) bytes_per_pixel, (2)
columns, and (3) rows values, which trigger a heap-based buffer overflow.
(CVE-2006-4144)

The updated packages have been patched to correct these issues.
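
The size computation behind CVE-2006-4144, shown as an added example (not ImageMagick's code and not part of the original advisory): a buffer size derived from bytes_per_pixel, columns and rows wraps in 32-bit arithmetic unless each multiplication is checked first. The img_header struct, the function names and the MAX_IMAGE_BYTES cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image buffer; not a value from the advisory. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Hypothetical header struct; field names follow the values the advisory lists. */
typedef struct {
    uint32_t bytes_per_pixel, columns, rows;
} img_header;

/* Unchecked pattern: the product is truncated to 32 bits and wraps silently. */
static uint32_t unchecked_size(const img_header *h)
{
    uint32_t n = h->bytes_per_pixel;
    n *= h->columns;
    n *= h->rows;
    return n;
}

/* Checked pattern: divide before each multiply so the product never wraps.
 * Returns 0 and stores the size in *out, or -1 for a zero or oversized field. */
static int checked_size(const img_header *h, size_t *out)
{
    size_t n = h->bytes_per_pixel;
    if (n == 0 || h->columns == 0 || h->rows == 0) return -1;
    if (h->columns > MAX_IMAGE_BYTES / n) return -1;
    n *= h->columns;
    if (h->rows > MAX_IMAGE_BYTES / n) return -1;
    n *= h->rows;
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed sample headers, not taken from any real file. */
    img_header ok = {4, 640, 480}, bad = {2, 0x10000, 0x8000};
    size_t n = 0;
    printf("ok:  unchecked=%u checked=%d\n", (unsigned)unchecked_size(&ok), checked_size(&ok, &n));
    printf("bad: unchecked=%u checked=%d\n", (unsigned)unchecked_size(&bad), checked_size(&bad, &n));
    return 0;
}
```

With the unchecked form, a wrapped product yields a small or zero-length allocation while later per-row copies still use the original field values, which is the heap-based overflow the description refers to.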

Updated Packages

Corporate Server 3.0

 ebb56345796498b2df38fc7559fce769  corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.7.C30mdk.i586.rpm
 8d4ed101a407ed9aca298a5e3085745d  corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.7.C30mdk.i586.rpm
 56c80a65cc5b31d4c8dcdae47c56ba57  corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.7.C30mdk.i586.rpm
 4ee186d6f9d004296e530a4f8f298f22  corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.7.C30mdk.i586.rpm
 d9797b8c80c4527f8b41b2be56b3cb63  corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.7.C30mdk.i586.rpm
 45d71f01651307e4768274e80f72ecfa  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.7.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 19df6c6601c45fa3774c204e3fd25ba3  x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.7.C30mdk.x86_64.rpm
 473b57f63e9244de8697b48909f98274  x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.7.C30mdk.x86_64.rpm
 bde18af5f59aacf8856b9cc90713e6be  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.7.C30mdk.x86_64.rpm
 dcfc5557a3ebf09ceee49311057021e5  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.7.C30mdk.x86_64.rpm
 6ef9639f8af9e32a9d09a7916a20736c  x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.7.C30mdk.x86_64.rpm
 45d71f01651307e4768274e80f72ecfa  x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.7.C30mdk.src.rpm

Mandriva Linux 2006

 f7c1f8c63d6e88a21cf040c27bc20115  2006.0/RPMS/ImageMagick-6.2.4.3-1.2.20060mdk.i586.rpm
 5b1279e63710439d5906452de7619baf  2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.2.20060mdk.i586.rpm
 ead63f1889e5f7ad14e07d229e6a51ff  2006.0/RPMS/libMagick8.4.2-6.2.4.3-1.2.20060mdk.i586.rpm
 af843e36e54d540b262be62c9dfc2213  2006.0/RPMS/libMagick8.4.2-devel-6.2.4.3-1.2.20060mdk.i586.rpm
 f6a11d5243521e59d4be1c4325c2a46a  2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.2.20060mdk.i586.rpm
 e4b6c31d3f78c27d07d1b933b26035d0  2006.0/SRPMS/ImageMagick-6.2.4.3-1.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 85730b9e08b041dd79afc26180f3ea64  x86_64/2006.0/RPMS/ImageMagick-6.2.4.3-1.2.20060mdk.x86_64.rpm
 a75ca1c0a7497d8618734fd1c805ec6c  x86_64/2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.2.20060mdk.x86_64.rpm
 69d40772b9caafa636a9645507d3e593  x86_64/2006.0/RPMS/lib64Magick8.4.2-6.2.4.3-1.2.20060mdk.x86_64.rpm
 b4cafa52cc359762b4986b78dcaf9556  x86_64/2006.0/RPMS/lib64Magick8.4.2-devel-6.2.4.3-1.2.20060mdk.x86_64.rpm
 b3e2b141c626282a7ea075e64bb6b93c  x86_64/2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.2.20060mdk.x86_64.rpm
 e4b6c31d3f78c27d07d1b933b26035d0  x86_64/2006.0/SRPMS/ImageMagick-6.2.4.3-1.2.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.