MGASA-2012-0267
| Date: | September 13th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated graphicsmagick packages fix security vulnerability:
The Magick_png_malloc function in coders/png.c in GraphicsMagick 1.3.16
and earlier does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash) via
a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3438).
Updated Packages:
Mageia 1:
graphicsmagick-1.3.12-3.3.mga1
graphicsmagick-doc-1.3.12-3.3.mga1
lib(64)graphicsmagick3-1.3.12-3.3.mga1
lib(64)graphicsmagickwand2-1.3.12-3.3.mga1
lib(64)graphicsmagick-devel-1.3.12-3.3.mga1
perl-Graphics-Magick-1.3.12-3.3.mga1
Mageia 2:
graphicsmagick-1.3.13-1.5.mga2
graphicsmagick-doc-1.3.13-1.5.mga2
lib(64)graphicsmagick3-1.3.13-1.5.mga2
lib(64)graphicsmagickwand2-1.3.13-1.5.mga2
lib(64)graphicsmagick-devel-1.3.13-1.5.mga2
perl-Graphics-Magick-1.3.13-1.5.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3438
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086029.html
https://bugs.mageia.org/show_bug.cgi?id=7396
