twin to bug 152668, apparently the same code, different projects.
From secunia:
Description: Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) A boundary error within the "ReadDCMImage()" function in coders/dcm.c can be exploited to cause a buffer overflow when processing specially crafted DCM images.
2) Several boundary errors within the "ReadPALMImage()" function in coders/palm.c can be exploited to cause heap-based buffer overflows when processing specially crafted PALM images.
Successful exploitation may allow the execution of arbitrary code.
debian bug report at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393025
sekretarz, pls provide an updated ebuild
The versions are not the same as those in Debian, but I supposed we are also affected though I did not check it. Someone might want to have a quick look.
no reaction yet, adding herd
2 weeks without any reaction is not OK.
sekretarz, graphics herd, pls comment/provide an ebuild
Bumped in portage to version 6.3.0.5. Sorry for the delay, I've had a lot of exams lately and no time :/
arches please test media-gfx/imagemagick-6.3.0.5 and mark stable if possible (we are kinda late on this one already)
media-gfx/imagemagick-6.3.0.5 [6.2.9.5] USE="X jpeg mpeg perl png truetype xml zlib -bzip2 -doc -fpx -graphviz -gs -jbig -jpeg2k -lcms -nocxx -tiff -wmf"
1. emerges on x86
2. passes collision test
3. mkgallery works with this version
x86 done
1. emerge on amd64
2. passed the perl -MImage::Magick test
3. passed collision test
4. mkgallery works (seemed like a good test :)
sparc stable.
ppc64 stable
ppc stable
stable on hppa.
Stable on Alpha + ia64.
Thx Kloeri. This one is ready for GLSA.
GLSA 200611-19
arm, mips, sh don't forget to mark stable to benefit from the GLSA.
I reopen that bug since it seems that the original vulnerability (CVE-2006-5456) was not entirely fixed, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770
"Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456."
and https://issues.rpath.com/browse/RPL-1034
"Vladimir Nadvornik (Novell/SUSE) discovered that the security fix for CVE-2006-5456 was incomplete in palm.c, which reads and writes Palm Pixmap files."
Debian has also issued a DSA. Graphic team, could you have a look please.
Graphic team, please advise
Stable on MIPS.
Graphics any news on this one?
Graphics team please advise
*** Bug 170855 has been marked as a duplicate of this bug. ***
(In reply to comment #20)
> Graphics team please advise
It seems sekretarz is pretty much MIA so someone needs to step up and fix this.
-dev mailed for a new maintainer.
Kloeri was this fixed as well with 6.3.3 on bug #173186?
(In reply to comment #24)
> Kloeri was this fixed as well with 6.3.3 on bug #173186?
Fixed in 6.3.3.
6.3.3 is as stable as it needs to be - security should we issue a GLSA update?
I'd vote yes along with bug #173186.
yes, being merged with bug 173186
Somehow this got left out from GLSA 200705-13. I propose that we close this without GLSA.
Since it is not a dupe of any of the two GLSA 200705-13 bugs, I will add this bug to GLSA 200705-13 and close it after that.
now added to GLSA 200705-13, closing. As usual, feel free to reopen if you disagree.