LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: ImageMagick security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated ImageMagick packages that fix a format string bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ImageMagick security update
Advisory ID:       RHSA-2005:320-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-320.html
Issue date:        2005-03-23
Updated on:        2005-03-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0397
- ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a format string bug are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System which can read and write multiple image formats.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim's machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.

Additionally, a bug was fixed which caused ImageMagick(TM) to occasionally
segfault when writing TIFF images to standard output.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142045 - Segmentation fault on conversion to TIFF (possible libtiff bug)
150185 - CAN-2005-0397 ImageMagick format string flaw

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd  ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317  ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f  ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7  ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9  ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3  ImageMagick-perl-6.0.7.1-10.i386.rpm

ia64:
001bda657397f288044e64e0bc05b70b  ImageMagick-6.0.7.1-10.ia64.rpm
7d931c803bc50137ce838b4abcbd2429  ImageMagick-c++-6.0.7.1-10.ia64.rpm
4a305e0d3d43b5c4819577d52cb3665b  ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
2a86fc9da66f0e6d0e96b3069ca2a657  ImageMagick-devel-6.0.7.1-10.ia64.rpm
a2604e4a1e0e05077e4710a73beeb4c0  ImageMagick-perl-6.0.7.1-10.ia64.rpm

ppc:
12be580ec878b85766fb395b12594ef3  ImageMagick-6.0.7.1-10.ppc.rpm
0231e95c9d3d20a4ec33bb840f6b95c0  ImageMagick-c++-6.0.7.1-10.ppc.rpm
73d33cc0070d616f04fcc30dddf98db7  ImageMagick-c++-devel-6.0.7.1-10.ppc.rpm
0775ecaf973f9985e195d7d088e3a342  ImageMagick-devel-6.0.7.1-10.ppc.rpm
e59efdba147068fdec313afef97dcb5b  ImageMagick-perl-6.0.7.1-10.ppc.rpm

s390:
dcbb2aedbc432f9291314079a4c2ff7d  ImageMagick-6.0.7.1-10.s390.rpm
4745e6e2e665afbc7b1cac91cddbbc9d  ImageMagick-c++-6.0.7.1-10.s390.rpm
2c4f816ab3892f6914986b2217e2c73e  ImageMagick-c++-devel-6.0.7.1-10.s390.rpm
67adaba9d191ede734f758aec0cd9b5c  ImageMagick-devel-6.0.7.1-10.s390.rpm
2a9a4922e589877e70e2c2e918b05b0f  ImageMagick-perl-6.0.7.1-10.s390.rpm

s390x:
6dea39358712b8575da76e27ff671924  ImageMagick-6.0.7.1-10.s390x.rpm
7e6df039cba4a3cf7fbf5b550dd7a4d1  ImageMagick-c++-6.0.7.1-10.s390x.rpm
87f2a92001e88334cf6f55e82e54529a  ImageMagick-c++-devel-6.0.7.1-10.s390x.rpm
377ad1d4145efd9ae1556f7498564d4d  ImageMagick-devel-6.0.7.1-10.s390x.rpm
b55a7bf0fe172df9936f3628722fc14e  ImageMagick-perl-6.0.7.1-10.s390x.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339  ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917  ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f  ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9  ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7  ImageMagick-perl-6.0.7.1-10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd  ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317  ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f  ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7  ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9  ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3  ImageMagick-perl-6.0.7.1-10.i386.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339  ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917  ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f  ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9  ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7  ImageMagick-perl-6.0.7.1-10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd  ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317  ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f  ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7  ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9  ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3  ImageMagick-perl-6.0.7.1-10.i386.rpm

ia64:
001bda657397f288044e64e0bc05b70b  ImageMagick-6.0.7.1-10.ia64.rpm
7d931c803bc50137ce838b4abcbd2429  ImageMagick-c++-6.0.7.1-10.ia64.rpm
4a305e0d3d43b5c4819577d52cb3665b  ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
2a86fc9da66f0e6d0e96b3069ca2a657  ImageMagick-devel-6.0.7.1-10.ia64.rpm
a2604e4a1e0e05077e4710a73beeb4c0  ImageMagick-perl-6.0.7.1-10.ia64.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339  ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917  ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f  ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9  ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7  ImageMagick-perl-6.0.7.1-10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd  ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317  ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f  ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7  ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9  ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3  ImageMagick-perl-6.0.7.1-10.i386.rpm

ia64:
001bda657397f288044e64e0bc05b70b  ImageMagick-6.0.7.1-10.ia64.rpm
7d931c803bc50137ce838b4abcbd2429  ImageMagick-c++-6.0.7.1-10.ia64.rpm
4a305e0d3d43b5c4819577d52cb3665b  ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
2a86fc9da66f0e6d0e96b3069ca2a657  ImageMagick-devel-6.0.7.1-10.ia64.rpm
a2604e4a1e0e05077e4710a73beeb4c0  ImageMagick-perl-6.0.7.1-10.ia64.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339  ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917  ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f  ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9  ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7  ImageMagick-perl-6.0.7.1-10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.