From Mageia wiki
Jump to: navigation, search

MGASA-2012-0243

Date: August 27th, 2012
Affected releases: 1, 2


Description:
Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6
and earlier does not use the proper variable type for the allocation
size, which might allow remote attackers to cause a denial of service
(crash) via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3437).


Updated Packages:
Mageia 1:
imagemagick-6.6.6.10-5.3.mga1
imagemagick-desktop-6.6.6.10-5.3.mga1
imagemagick-doc-6.6.6.10-5.3.mga1
lib(64)magick4-6.6.6.10-5.3.mga1
lib(64)magick-devel-6.6.6.10-5.3.mga1
perl-Image-Magick-6.6.6.10-5.3.mga1

Mageia 2:
imagemagick-6.7.5.10-2.1.mga2
imagemagick-desktop-6.7.5.10-2.1.mga2
imagemagick-doc-6.7.5.10-2.1.mga2
lib(64)magick5-6.7.5.10-2.1.mga2
lib(64)magick-devel-6.7.5.10-2.1.mga2
perl-Image-Magick-6.7.5.10-2.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/
https://bugs.mageia.org/show_bug.cgi?id=7148