MGASA-2012-0243
| Date: | August 27th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated imagemagick packages fix security vulnerability:
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6
and earlier does not use the proper variable type for the allocation
size, which might allow remote attackers to cause a denial of service
(crash) via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3437).
Updated Packages:
Mageia 1:
imagemagick-6.6.6.10-5.3.mga1
imagemagick-desktop-6.6.6.10-5.3.mga1
imagemagick-doc-6.6.6.10-5.3.mga1
lib(64)magick4-6.6.6.10-5.3.mga1
lib(64)magick-devel-6.6.6.10-5.3.mga1
perl-Image-Magick-6.6.6.10-5.3.mga1
Mageia 2:
imagemagick-6.7.5.10-2.1.mga2
imagemagick-desktop-6.7.5.10-2.1.mga2
imagemagick-doc-6.7.5.10-2.1.mga2
lib(64)magick5-6.7.5.10-2.1.mga2
lib(64)magick-devel-6.7.5.10-2.1.mga2
perl-Image-Magick-6.7.5.10-2.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/
https://bugs.mageia.org/show_bug.cgi?id=7148
