Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 69825

Summary: media-gfx/imagemagick 6.1.3 buffer overflow fix
Product: Gentoo Security Reporter: Andreas Kobara <abusch>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: graphics+disabled, sekretarz
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.imagemagick.org/www/Changelog.html
Whiteboard: A2 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Andreas Kobara 2004-11-02 04:42:38 UTC
An updated version of Imagemagick is available: 6.1.3

The changelog mentions a buffer-overflow in the exif-loader code,
which was fixed in 6.1.2:

2004-10-25 Daniel Kobras <kobras@debian.org>
* Fix EXIF code to prevent an overflow of the ifdstack array by one entry.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-02 05:04:49 UTC
Graphics please bump
Comment 2 Karol Wojtaszek (RETIRED) gentoo-dev 2004-11-02 07:58:42 UTC
imagemagick-6.1.3.2 added to portage
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-02 08:20:09 UTC
Arches please mark imagemagick and dev-perl/perlmagick 6.1.3.2 stable.
Comment 4 Karol Wojtaszek (RETIRED) gentoo-dev 2004-11-02 09:36:28 UTC
Stable on amd64.
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2004-11-02 10:35:26 UTC
Stable on ppc.
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-02 11:03:23 UTC
Ok, arches DON'T MARK STABLE.
This ebuild as it is breaks libtool...
Comment 7 Karol Wojtaszek (RETIRED) gentoo-dev 2004-11-02 11:32:52 UTC
*** Bug 67553 has been marked as a duplicate of this bug. ***
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-02 12:11:32 UTC
sparc stable, sekretarz fixed the ebuild.
Comment 9 Bryan Ƙstergaard (RETIRED) gentoo-dev 2004-11-03 01:04:27 UTC
Stable on alpha.
Comment 10 SpanKY gentoo-dev 2004-11-03 21:34:29 UTC
hppa/ia64 stable
Comment 11 Olivier Crete (RETIRED) gentoo-dev 2004-11-04 08:02:54 UTC
stable on x86
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-11-04 09:26:29 UTC
I am not sure "Fix EXIF code to prevent an overflow of the ifdstack array by one entry" means it could be exploited to execute arbitrary code... Any other advisory or upstream confirmation ?
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-04 11:29:43 UTC
Secunia thinks so:
http://secunia.com/advisories/12995/
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2004-11-04 11:39:19 UTC
Looks ok to me... go for a GLSA
CAN-2004-0981
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-06 05:54:18 UTC
Back to stable, missing stable on ppc and ppc64. Please mark 6.1.3.2 stable
Comment 16 Markus Rothe (RETIRED) gentoo-dev 2004-11-06 06:31:30 UTC
stable on ppc64
Comment 17 Lars Weiler (RETIRED) gentoo-dev 2004-11-06 09:33:52 UTC
ppc finally done
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-06 10:57:58 UTC
GLSA 200411-11
Comment 19 Hardave Riar (RETIRED) gentoo-dev 2004-11-08 04:46:34 UTC
Stable on mips.