Ubuntu has issued an advisory today (August 22):
http://www.ubuntu.com/usn/usn-1544-1/

Cauldron is not affected as it was fixed upstream in 6.7.9-0.

Patched package uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3437).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/
========================

Updated packages in core/updates_testing:
========================
imagemagick-6.6.6.10-5.3.mga1
imagemagick-desktop-6.6.6.10-5.3.mga1
libmagick4-6.6.6.10-5.3.mga1
libmagick-devel-6.6.6.10-5.3.mga1
perl-Image-Magick-6.6.6.10-5.3.mga1
imagemagick-doc-6.6.6.10-5.3.mga1
imagemagick-6.7.5.10-2.1.mga2
imagemagick-desktop-6.7.5.10-2.1.mga2
libmagick5-6.7.5.10-2.1.mga2
libmagick-devel-6.7.5.10-2.1.mga2
perl-Image-Magick-6.7.5.10-2.1.mga2
imagemagick-doc-6.7.5.10-2.1.mga2

from SRPMS:
imagemagick-6.6.6.10-5.3.mga1.src.rpm
imagemagick-6.7.5.10-2.1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
I have this version installed:
Source RPM : imagemagick-6.7.5.10-2.mga2.src.rpm
It doesn't have the .1, and I have already updated testing repositories...
CC: (none) => ed_rus099
You'll have to wait until your mirror picks it up or use another mirror.
Testing complete on Mageia 2 i586. No poc, so just testing that the program works. Was able to resize a png image, and tried some of the effects.
CC: (none) => davidwhodgins
Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK
Testing Mageia 1 i586.
CC: (none) => kristina.striegnitz
Whiteboard: MGA1TOO MGA2-32-OK => MGA1TOO MGA2-32-OK MGA2-64-OK
Finished testing on Mageia 2 x86_64. Tried resizing, transforming and converting an image using the GUI. Also tried the display and convert commands from the command line.
Keywords: (none) => validated_update
Whiteboard: MGA1TOO MGA2-32-OK MGA2-64-OK => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK
Testing complete on Mageia i586 and x86-64.

Could someone from the sysadmin team push the srpm
imagemagick-6.7.5.10-2.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates, and the srpm
imagemagick-6.6.6.10-5.3.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory:
Updated imagemagick packages fix security vulnerability:

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3437).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://www.ubuntu.com/usn/usn-1544-1/

https://bugs.mageia.org/show_bug.cgi?id=7148
CC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
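
The advisory text above attributes CVE-2012-3437 to an allocation-size parameter of the wrong type. The following C example is added here as an illustration (it is not ImageMagick's code and not part of this bug report): it shows how an allocator hook with a too-narrow size parameter hands back an undersized buffer, next to a full-width hook that refuses the request instead. The hook names, the 32-bit parameter width and the 64 MiB cap are assumptions; the advisory does not name the type involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ALLOC ((uint64_t)64 << 20)  /* constructed policy cap: 64 MiB */

/* Hypothetical hook whose size parameter is narrower than the caller's
   value (32 bits is an assumption; the advisory does not name the type). */
static void *narrow_hook(uint32_t size) { return malloc(size ? size : 1); }

/* Hook that receives the full-width value and rejects oversized requests,
   so the caller sees a failure rather than a short buffer. */
static void *wide_hook(uint64_t size)
{
    if (size == 0 || size > MAX_ALLOC)
        return NULL;
    return malloc((size_t)size);
}

/* Bytes the narrow hook really provides: the argument is silently
   reduced modulo 2^32 when it is passed to the hook. */
size_t granted_narrow(uint64_t requested)
{
    uint32_t seen = (uint32_t)requested;  /* same conversion the call performs */
    void *p = narrow_hook(requested);
    size_t got = p ? seen : 0;
    free(p);
    return got;
}

/* Bytes the wide hook provides: the full request, or 0 when refused. */
size_t granted_wide(uint64_t requested)
{
    void *p = wide_hook(requested);
    size_t got = p ? (size_t)requested : 0;
    free(p);
    return got;
}

int main(void)
{
    uint64_t req = 0x100000010ULL;  /* constructed request: 4 GiB + 16 bytes */
    printf("requested %llu: narrow hook granted %zu, wide hook granted %zu\n",
           (unsigned long long)req, granted_narrow(req), granted_wide(req));
    return 0;
}
```

A caller that believes it received the full request from the narrow hook would write past the 16 bytes actually allocated, which matches the crash outcome the advisory describes.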