French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Private Exploit & PoC Codes Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Security Vulnerabilities and Advisories Search Engine
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes ImageMagick Regression Buffer Overflow Vulnerability

Title : Mandriva Security Update Fixes ImageMagick Regression Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2007-0547
CVE ID : CVE-2007-0770
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-12

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Mandriva has released security updates to address a vulnerability identified in ImageMagick [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
193c4bcc7fa385bc4582095a3bdc362e 2006.0/i586/ImageMagick-6.2.4.3-1.5.20060mdk.i586.rpm
b412617cbd2bee1ac4b7e5dd9dc7f669 2006.0/i586/ImageMagick-doc-6.2.4.3-1.5.20060mdk.i586.rpm
20fc4eec284af86b076bbcbebaee0bb3 2006.0/i586/libMagick8.4.2-6.2.4.3-1.5.20060mdk.i586.rpm
f79d82b2e5e4043ccb2871259de495e1 2006.0/i586/libMagick8.4.2-devel-6.2.4.3-1.5.20060mdk.i586.rpm
ab5a38478c7c022197edc5d4f5128aaf 2006.0/i586/perl-Image-Magick-6.2.4.3-1.5.20060mdk.i586.rpm
8a4d8538baa0065458ba630aaed9976d 2006.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a73886f426de014a97adfb746e4565f8 2006.0/x86_64/ImageMagick-6.2.4.3-1.5.20060mdk.x86_64.rpm
bf0d3317021d77551e1154f7e222915c 2006.0/x86_64/ImageMagick-doc-6.2.4.3-1.5.20060mdk.x86_64.rpm
d8f7a2b02a6324579ac78daddb0e6a7e 2006.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.5.20060mdk.x86_64.rpm
dfb8b167a0070da2d2f9e4ffe28023fe 2006.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mdk.x86_64.rpm
3739eede5d60601d1dc1d73d01b37202 2006.0/x86_64/perl-Image-Magick-6.2.4.3-1.5.20060mdk.x86_64.rpm
8a4d8538baa0065458ba630aaed9976d 2006.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm

Mandriva Linux 2007.0:
6ab89c972478c2c023da37b93f594d24 2007.0/i586/ImageMagick-6.2.9.2-1.2mdv2007.0.i586.rpm
28f69c54db80c27a101491330f66b662 2007.0/i586/ImageMagick-doc-6.2.9.2-1.2mdv2007.0.i586.rpm
03b4d5956d8877694faac5865d48a520 2007.0/i586/libMagick10.4.0-6.2.9.2-1.2mdv2007.0.i586.rpm
776a23f71fb316acdf5cff805971c34e 2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.2mdv2007.0.i586.rpm
93f2614af3719718cac1d1879d12d12a 2007.0/i586/perl-Image-Magick-6.2.9.2-1.2mdv2007.0.i586.rpm
3116010a2047074e801e22d425c9a9d5 2007.0/SRPMS/ImageMagick-6.2.9.2-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
51380bf4ebf6e0b04c4f4288661ae213 2007.0/x86_64/ImageMagick-6.2.9.2-1.2mdv2007.0.x86_64.rpm
69b0a59488540fdf0f28442f964fd104 2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.2mdv2007.0.x86_64.rpm
8fb388fc56a213a28351c9c561861329 2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.2mdv2007.0.x86_64.rpm
ec518f1e4a63e66c2fb352b41760028e 2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.2mdv2007.0.x86_64.rpm
08b01e7f371a53bec64e6beeb5f3ab53 2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.2mdv2007.0.x86_64.rpm
3116010a2047074e801e22d425c9a9d5 2007.0/SRPMS/ImageMagick-6.2.9.2-1.2mdv2007.0.src.rpm

Corporate 3.0:
471cef35e46eeb61d6591e13b446479e corporate/3.0/i586/ImageMagick-5.5.7.15-6.10.C30mdk.i586.rpm
70c7d71b8880e5c333c339d5a647268f corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.10.C30mdk.i586.rpm
1cc8b03ddd796be711feb96369129351 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.10.C30mdk.i586.rpm
f6ac22c4a8b964d16a945a058a11018c corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.10.C30mdk.i586.rpm
65c9c8f0d3f8a126a78aa42c4e938143 corporate/3.0/i586/perl-Magick-5.5.7.15-6.10.C30mdk.i586.rpm
3443a491b2e8d8cdde7b9d75a7ff26eb corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.10.C30mdk.src.rpm

Corporate 3.0/X86_64:
b63e6de0c85935b92b9d7c9694a834f3 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.10.C30mdk.x86_64.rpm
8e5277702700da02eb6e05a150035770 corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.10.C30mdk.x86_64.rpm
b07b76e7e0a8d66d2d79f712d09958e1 corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.10.C30mdk.x86_64.rpm
9212e9b660e22225a53a98036bc3fcb8 corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.10.C30mdk.x86_64.rpm
c7b43627ef24177dd52a375d6b9f21d4 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.10.C30mdk.x86_64.rpm
3443a491b2e8d8cdde7b9d75a7ff26eb corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.10.C30mdk.src.rpm

Corporate 4.0:
e4ba1f2b9651d72c1cd4cb6dd776d751 corporate/4.0/i586/ImageMagick-6.2.4.3-1.5.20060mlcs4.i586.rpm
26d72e8cafcbc76087c7631e8bedd6e5 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.5.20060mlcs4.i586.rpm
b18d2e5aefe0fc96f6dfef405ac75d1d corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.5.20060mlcs4.i586.rpm
7ed9b663192e24fd723a238dce7261c3 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.5.20060mlcs4.i586.rpm
c7e27a51fc8ee6b3dbf3926be899b028 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.5.20060mlcs4.i586.rpm
ccf643955298a3d36be65f9958360da6 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
7511f0e4b203f7217774ae3133f6ac97 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
12996cab922873b18717bceeac05f4d0 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
9f63d066ad11524a5855c69f951b87ba corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
4750be3ba0b5fa37378402d80376b168 corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
b004eeb51659686cb5cfdfa125ee4102 corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.5.20060mlcs4.x86_64.rpm
ccf643955298a3d36be65f9958360da6 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mlcs4.src.rpm

ChangeLog

2007-02-12 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Sun Logical Domain Manager Local Privilege Escalation Vulnerability

Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability

Sun Java Messaging Server Cross Site Scripting Vulnerability

Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability

Sun Java System Identity Manager Security Bypass Vulnerabilities

Sun Solaris DHCP Buffer Overflow and Denial of Service

Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

Oracle and BEA Products Multiple Code Execution Vulnerabilities

Oracle Products Multiple Code Execution and Security Bypass Issues

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Safari Code Execution and Security Bypass Vulnerabilities

Apple iLife and Aperture Image Handling Code Execution Vulnerabilities

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple TV Multiple File Processing Code Execution Vulnerabilities

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple iPhone Code Execution and Security Bypass Vulnerabilities

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy