LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Red Hat: ImageMagick security vulnerability fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
RedHat Linux Updated ImageMagick packages that fixes a buffer overflow are now available.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ImageMagick packages fix security vulnerability
Advisory ID:       RHSA-2004:636-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-636.html
Issue date:        2004-12-08
Updated on:        2004-12-08
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0981 CAN-2004-0827
---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fixes a buffer overflow are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with an improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.

David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete.  An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser
130807 - CAN-2004-0827 heap overflow in BMP decoder

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

i386:
49dfa73a8b65db1b71604ff7dbed85b8  ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb  ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590  ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a  ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d  ImageMagick-perl-5.3.8-6.i386.rpm

ia64:
9eebb430cc2782bf8779c2b6c1ac9330  ImageMagick-5.3.8-6.ia64.rpm
03597330fda5d808c67f7e9217e6cd99  ImageMagick-c++-5.3.8-6.ia64.rpm
9a2b3cde42826d541dc25cc18b6fef82  ImageMagick-c++-devel-5.3.8-6.ia64.rpm
3ef246ab1ead8e4ac34d5fb600ba6e11  ImageMagick-devel-5.3.8-6.ia64.rpm
0f8b492a2e35876487a18cb34717530f  ImageMagick-perl-5.3.8-6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

ia64:
9eebb430cc2782bf8779c2b6c1ac9330  ImageMagick-5.3.8-6.ia64.rpm
03597330fda5d808c67f7e9217e6cd99  ImageMagick-c++-5.3.8-6.ia64.rpm
9a2b3cde42826d541dc25cc18b6fef82  ImageMagick-c++-devel-5.3.8-6.ia64.rpm
3ef246ab1ead8e4ac34d5fb600ba6e11  ImageMagick-devel-5.3.8-6.ia64.rpm
0f8b492a2e35876487a18cb34717530f  ImageMagick-perl-5.3.8-6.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

i386:
49dfa73a8b65db1b71604ff7dbed85b8  ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb  ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590  ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a  ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d  ImageMagick-perl-5.3.8-6.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

i386:
49dfa73a8b65db1b71604ff7dbed85b8  ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb  ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590  ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a  ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d  ImageMagick-perl-5.3.8-6.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

ia64:
e9d6b12d49f82587079d8630288d5c21  ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775  ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70  ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9  ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5  ImageMagick-perl-5.5.6-7.ia64.rpm

ppc:
90facda803fb447e862d754a0f773a24  ImageMagick-5.5.6-7.ppc.rpm
1f7dd0b886fc4dd81f83d203cf125e1c  ImageMagick-c++-5.5.6-7.ppc.rpm
1b005351b9db9d7882bfb636d4c31d18  ImageMagick-c++-devel-5.5.6-7.ppc.rpm
a30586353d6bb70020ed3df263f1a497  ImageMagick-devel-5.5.6-7.ppc.rpm
4f2d299fb4fb9831513136d8e56ec8f9  ImageMagick-perl-5.5.6-7.ppc.rpm

s390:
7acdb99fdb3735bec4b5deaffe48638f  ImageMagick-5.5.6-7.s390.rpm
744ad5fe4fcdd1931e6a29acf52c126b  ImageMagick-c++-5.5.6-7.s390.rpm
cfb51a057018d71a439067395835434d  ImageMagick-c++-devel-5.5.6-7.s390.rpm
49aa63d472ea09bb054cd05907941f40  ImageMagick-devel-5.5.6-7.s390.rpm
fb355cd7d24232761a23231c00f9ceef  ImageMagick-perl-5.5.6-7.s390.rpm

s390x:
2c986024e9a51e4cef1157260efebc28  ImageMagick-5.5.6-7.s390x.rpm
1be22c2e7138567cd9b37f727e1eb2ad  ImageMagick-c++-5.5.6-7.s390x.rpm
557aa610b7be1d2ef6670cada21631de  ImageMagick-c++-devel-5.5.6-7.s390x.rpm
74535eac90406854a4d16432b33d9ef2  ImageMagick-devel-5.5.6-7.s390x.rpm
1120d649cfe4b12886a402280fd50b20  ImageMagick-perl-5.5.6-7.s390x.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

ia64:
e9d6b12d49f82587079d8630288d5c21  ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775  ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70  ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9  ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5  ImageMagick-perl-5.5.6-7.ia64.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

ia64:
e9d6b12d49f82587079d8630288d5c21  ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775  ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70  ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9  ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5  ImageMagick-perl-5.5.6-7.ia64.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.