LinuxSecurity.com
RedHat: Moderate: ImageMagick security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated ImageMagick packages that fix a heap based buffer overflow are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ImageMagick security update
Advisory ID:       RHSA-2005:070-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-070.html
Issue date:        2005-03-23
Updated on:        2005-03-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0005 CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0761 CAN-2005-0762
---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a heap based buffer overflow are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

ImageMagick is an image display and manipulation tool for the X Window
System.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim's machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0759 to this issue.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick's SGI parser.  It is possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0762 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145111 - CAN-2005-0005 buffer overflow in ImageMagick
150185 - CAN-2005-0397 ImageMagick format string flaw
150312 - CAN-2005-0759 Denial of Service in .tiff images with invalid TAG
150315 - CAN-2005-0760 Accessing memory outside of image during decoding of TIFF
150323 - CAN-2005-0761 Bug in parsing PSD files
150327 - CAN-2005-0762 Buffer overflow in SGI parser

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
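
Added example (not part of Red Hat's advisory): a shell check that compares
installed ImageMagick package versions against the fixed builds named in the
SRPM file names above, 5.3.8-10 for version 2.1 products and 5.5.6-13 for
version 3 products. The function names and the sample package list are
constructed for illustration, and the comparison assumes purely numeric
version and release fields.

```shell
# Fixed version-release per product major version, from the SRPM names above.
fixed_for() {
    case "$1" in
        2.1) echo "5.3.8-10" ;;
        3)   echo "5.5.6-13" ;;
        *)   return 1 ;;
    esac
}

# cmp_num A B: print -1, 0 or 1 for dot-separated numeric strings.
# Assumption: every field is a plain number; rpm also handles letters/epochs.
cmp_num() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ -z "$x" ] && { echo "-1"; return; }
        [ -z "$y" ] && { echo "1"; return; }
        [ "$x" -lt "$y" ] && { echo "-1"; return; }
        [ "$x" -gt "$y" ] && { echo "1"; return; }
    done
    echo "0"
}

# needs_update INSTALLED FIXED: true when INSTALLED (version-release) is older.
needs_update() {
    c=$(cmp_num "${1%-*}" "${2%-*}")
    [ "$c" = 0 ] && c=$(cmp_num "${1##*-}" "${2##*-}")
    [ "$c" = "-1" ]
}

# audit MAJOR: read "name version-release" lines on stdin, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | grep '^ImageMagick'
# and print every package older than the fixed build for that product version.
audit() {
    fixed=$(fixed_for "$1") || return 2
    while read -r name evr; do
        if needs_update "$evr" "$fixed"; then
            echo "VULNERABLE $name $evr (fixed in $fixed)"
        fi
    done
}

# Constructed sample for a version 3 host (not real rpm output).
sample='ImageMagick 5.5.6-6
ImageMagick-c++ 5.5.6-13
ImageMagick-perl 5.5.6-13'
printf '%s\n' "$sample" | audit 3
```

On a host, pipe the rpm query shown in the comment into `audit` in place of the sample.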

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0762

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 