Debian has issued this advisory on April 29: http://www.debian.org/security/2012/dsa-2462 Cauldron is also affected. Patches commited to SVN and freeze push requested. Patched package for Mageia 1 uploaded. Advisory: ======================== Updated imagemagick packages fix security vulnerabilities: An out-of heap-based buffer read flaw was found in the way ImageMagick, an image display and manipulation tool for the X Window System, retrieved Exchangeable image file format (Exif) header tag information from certain JPEG files. A remote attacker could provide a JPEG image file, with EXIF header containing specially-crafted tag values, which once opened in some ImageMagick tool would lead to the crash of that tool (denial of service) (CVE-2012-0259, CVE-2012-0260, CVE-2012-1798, CVE-2012-1610). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1610 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1798 http://www.debian.org/security/2012/dsa-2462 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 ======================== Updated packages in core/updates_testing: ======================== imagemagick-6.6.6.10-5.2.mga1 imagemagick-desktop-6.6.6.10-5.2.mga1 libmagick4-6.6.6.10-5.2.mga1 libmagick-devel-6.6.6.10-5.2.mga1 perl-Image-Magick-6.6.6.10-5.2.mga1 imagemagick-doc-6.6.6.10-5.2.mga1 from imagemagick-6.6.6.10-5.2.mga1.src.rpm
Blocks: (none) => 5046
Blocks: 5046 => (none)
Testing on 64-bits Mageia 1. I did basic test such as display, identify or convert. It works fine.
CC: (none) => olivier.delaune
Testing complete on i586. Testing using basic tests, including resizing and adding a border to images. Could someone from the sysadmin team push the srpm imagemagick-6.6.6.10-5.2.mga1.src.rpm from Core Updates Testing to Core Updates. Advisory: Updated imagemagick packages fix security vulnerabilities: An out-of heap-based buffer read flaw was found in the way ImageMagick, an image display and manipulation tool for the X Window System, retrieved Exchangeable image file format (Exif) header tag information from certain JPEG files. A remote attacker could provide a JPEG image file, with EXIF header containing specially-crafted tag values, which once opened in some ImageMagick tool would lead to the crash of that tool (denial of service) (CVE-2012-0259, CVE-2012-0260, CVE-2012-1798, CVE-2012-1610). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1610 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1798 http://www.debian.org/security/2012/dsa-2462 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 https://bugs.mageia.org/show_bug.cgi?id=5701
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed.
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED