Bug 7148

Summary: imagemagick new security issue CVE-2012-3437
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: davidwhodgins, ed_rus099, kristina.striegnitz, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/512921/
Whiteboard: MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK
Source RPM: imagemagick-6.7.5.10-2.mga2.src.rpm CVE:
Status comment:

Description David Walser 2012-08-23 00:12:04 CEST 
Ubuntu has issued an advisory today (August 22):
http://www.ubuntu.com/usn/usn-1544-1/

Cauldron is not affected as it was fixed upstream in 6.7.9-0.

Patched package uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and
earlier does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash)
via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3437).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/
========================

Updated packages in core/updates_testing:
========================
imagemagick-6.6.6.10-5.3.mga1
imagemagick-desktop-6.6.6.10-5.3.mga1
libmagick4-6.6.6.10-5.3.mga1
libmagick-devel-6.6.6.10-5.3.mga1
perl-Image-Magick-6.6.6.10-5.3.mga1
imagemagick-doc-6.6.6.10-5.3.mga1
imagemagick-6.7.5.10-2.1.mga2
imagemagick-desktop-6.7.5.10-2.1.mga2
libmagick5-6.7.5.10-2.1.mga2
libmagick-devel-6.7.5.10-2.1.mga2
perl-Image-Magick-6.7.5.10-2.1.mga2
imagemagick-doc-6.7.5.10-2.1.mga2

from SRPMS:
imagemagick-6.6.6.10-5.3.mga1.src.rpm
imagemagick-6.7.5.10-2.1.mga2.src.rpm
David Walser 2012-08-23 00:12:12 CEST

Whiteboard: (none) => MGA1TOO

Comment 1 Eduard Beliaev 2012-08-23 20:23:53 CEST 
I have this version installed:
Source RPM  : imagemagick-6.7.5.10-2.mga2.src.rpm

It doesn't have the .1, and I have already updated testing repositories...

CC: (none) => ed_rus099

Comment 2 David Walser 2012-08-23 20:30:30 CEST 
You'll have to wait until your mirror picks it up or use another mirror.
Comment 3 Dave Hodgins 2012-08-24 00:13:24 CEST 
Testing complete on Mageia 2 i586.

No poc, so just testing that the program works.

Was able to resize a png image, and tried some of the effects.

CC: (none) => davidwhodgins
Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK

Comment 4 Dave Hodgins 2012-08-24 00:15:52 CEST 
Testing Mageia 1 i586.
Kristina Striegnitz 2012-08-24 01:01:00 CEST

CC: (none) => kristina.striegnitz
Whiteboard: MGA1TOO MGA2-32-OK => MGA1TOO MGA2-32-OK MGA2-64-OK

Comment 5 Kristina Striegnitz 2012-08-24 01:04:02 CEST 
Finished testing on Mageia 2  x86_64.

Tried resizing, transforming and converting image using the gui. Also tried display and convert command from the command line.
Kristina Striegnitz 2012-08-24 01:23:04 CEST

Keywords: (none) => validated_update
Whiteboard: MGA1TOO MGA2-32-OK MGA2-64-OK => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK

Comment 6 Dave Hodgins 2012-08-24 01:28:46 CEST 
Testing complete on Mageia i586 and x86-64.

Could someone from the sysadmin team push the srpm
imagemagick-6.7.5.10-2.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates, and the srpm
imagemagick-6.6.6.10-5.3.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and
earlier does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash)
via a crafted PNG file that triggers incorrect memory allocation
(CVE-2012-3437).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/

https://bugs.mageia.org/show_bug.cgi?id=7148

CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2012-08-27 00:18:19 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED