LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 3 Update: ImageMagick-6.2.0.7-2.fc3 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-235
2005-03-30
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : ImageMagick
Version     : 6.2.0.7                      
Release     : 2.fc3                  
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and dis play images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

---------------------------------------------------------------------
Update Information:

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code in a victims machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

---------------------------------------------------------------------
* Wed Mar 16 2005  - 6.2.0.7-2.fc3

- Update to 6.2.0 to fix a number of security issues:
  - Drop a lot of upstreamed patches


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

dbbd0c32799bc32658214273037f1942
SRPMS/ImageMagick-6.2.0.7-2.fc3.src.rpm
39ecc49bcdfda64dd2cfaac13b332f42
x86_64/ImageMagick-6.2.0.7-2.fc3.x86_64.rpm
908f8c2f25568cf2340db0a6ae7c5b57  x86_64/ImageMagick-
devel-6.2.0.7-2.fc3.x86_64.rpm
7f5112e7f05c9d4a448f5edeb42b153c  x86_64/ImageMagick-
perl-6.2.0.7-2.fc3.x86_64.rpm
039af81133349c933d0de1e1f61f3ba1  x86_64/ImageMagick-c+
+-6.2.0.7-2.fc3.x86_64.rpm
455c2286d9f1ed1e778a5c5e905053cb  x86_64/ImageMagick-c++-
devel-6.2.0.7-2.fc3.x86_64.rpm
fe8a3812e6c3fbc8f5016e6eb1d2271a  x86_64/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc3.x86_64.rpm
1f8387ff55eee8116b53309fc93e28db
x86_64/ImageMagick-6.2.0.7-2.fc3.i386.rpm
214aee8a27780dee6e5c4a5b8b58ec0e  x86_64/ImageMagick-c+
+-6.2.0.7-2.fc3.i386.rpm
1f8387ff55eee8116b53309fc93e28db
i386/ImageMagick-6.2.0.7-2.fc3.i386.rpm
a97fb99dfbcddc4391a351a51d544f14  i386/ImageMagick-
devel-6.2.0.7-2.fc3.i386.rpm
12ceecfa8d7fd51e9e7a0eaf92c2abcf  i386/ImageMagick-
perl-6.2.0.7-2.fc3.i386.rpm
214aee8a27780dee6e5c4a5b8b58ec0e  i386/ImageMagick-c+
+-6.2.0.7-2.fc3.i386.rpm
1ed8f7ca926e4fd31500f7ee8f767e72  i386/ImageMagick-c++-
devel-6.2.0.7-2.fc3.i386.rpm
1f8756e8c6b5405dad07396eb34bf064  i386/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Ottawa Linux Symposium: May get by with a little help from its friends
Black Hat 2014: How to crack just about everything
NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22
More Details of Onion/Critroni Crypto Ransomware Emerge
Is there Another NSA Leaker? Updated
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.