| Summary: | graphicsmagick (mga2) new security issue fixed upstream in 1.3.18 (CVE-2013-4589) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | claire robinson <eeeemail> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory mga2-32-ok mga2-64-ok | ||
| Source RPM: | graphicsmagick | CVE: | |
| Status comment: | |||
|
Description
claire robinson
2013-11-21 11:10:22 CET
Later advisory.. CVE-2013-4589 has been allocated for this issue: http://openwall.com/lists/oss-security/2013/11/15/14 Updating the advisory. Advisory: ======================== Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash (CVE-2013-4589). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4589 https://secunia.com/advisories/55288/ http://openwall.com/lists/oss-security/2013/11/15/14 https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html Keywords:
(none) =>
validated_update Making a mess of this, sorry. Advisory now uploaded. Could sysadmin please push from 2 core/updates_testing to updates Thanks! Update pushed: http://advisories.mageia.org/MGASA-2013-0350.html Status:
NEW =>
RESOLVED |