LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 3 Update: ImageMagick-6.2.2.0-2.fc3 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora An malicious image could cause a denial-of-service in the xwd coder. The update fixes this issue.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-395
2005-05-26
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : ImageMagick
Version     : 6.2.2.0                      
Release     : 2.fc3                  
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and dis play images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

---------------------------------------------------------------------
Update Information:

An malicious image could cause a denial-of-service in the xwd
coder. The update fixes this issue.

---------------------------------------------------------------------
* Thu May 26 2005  - 6.2.2.0-2.fc3

- fix a denial of service in the xwd coder (#158791, CAN-2005-1739)

* Tue Apr 26 2005 Matthias Clasen  - 6.2.2.0-1.fc3

- Update to 6.2.2 to fix a heap corruption issue
  in the pnm coder.

* Mon Apr 25 2005  - 6.2.1.7-2.fc3

- Update to 6.2.1
- Include multiple improvements and bugfixes
  by Rex Dieter et al (111961, 145466, 151196, 149970, 
  146518, 113951, 145449, 144977, 144570, 139298)

* Sun Apr 24 2005  - 6.2.0.7-3

- Make zip compression work for tiff (#154045)

* Wed Mar 16 2005  - 6.2.0.7-2

- Update to 6.2.0 to fix a number of security issues:
  - Drop a lot of upstreamed patches

* Wed Mar  2 2005 Matthias Clasen  6.0.7.1-7

- rebuild with gcc4
- remove an extraneous vsnprintf prototype which causes
  gcc4 to complain

* Mon Oct 11 2004 Tim Waugh  6.0.7.1-4

- The devel subpackage requires XFree86-devel (bug #126509).
- Fixed build requirements (bug #120776).  From Robert Scheck.

* Tue Sep 14 2004 Karsten Hopp  6.0.7.1-3 

- move *.mgk files (#132007, #131708, #132397)

* Sun Sep 12 2004 Karsten Hopp  6.0.7.1-1 

- update to 6.0.7 Patchlevel 1, fixes #132106

* Sat Sep  4 2004 Bill Nottingham  6.0.6.2-2

- move libWand out of -devel, fix requirements (#131767)

* Wed Sep  1 2004 Karsten Hopp  6.0.6.2-1 

- update to latest stable version
- get rid of obsolete patches
- fix remaining patches

* Sat Jun 19 2004 Alan Cox 

- Easyfixes (#124791) - fixed missing dependancy between -devel and
  libexif-devel

* Tue Jun 15 2004 Elliot Lee 

- rebuilt

* Tue Mar 23 2004 Karsten Hopp  5.5.7.15-1.3 

- freetype patch to fix convert (#115716)

* Tue Mar  2 2004 Elliot Lee 

- rebuilt

* Fri Feb 13 2004 Elliot Lee 

- rebuilt

* Sun Jan 25 2004 Nils Philippsen  5.5.7.15-0.2

- make perl module link against the built library instead of the
installed one

* Thu Jan 22 2004 Nils Philippsen  5.5.7.15-0.1

- version 5.5.7 patchlevel 15

* Mon Oct 13 2003 Nils Philippsen  5.5.7.10-0.1

- rebuild with release 0.1 to not block an official update package

* Wed Sep 10 2003 Nils Philippsen  5.5.7.10-2

- hack around libtool stupidity
- disable automake patch as we require automake-1.7 anyway

* Wed Sep 10 2003 Nils Philippsen  5.5.7.10-1

- version 5.5.7 patchlevel 10

* Wed Jun  4 2003 Elliot Lee 

- rebuilt

* Thu May 29 2003 Tim Powers  -4

- rebuild for RHEL to fix broken deps

* Thu May 15 2003 Tim Powers  5.5.6-3

- rebuild again to fix broken dep on libMagick.so.5

* Mon May 12 2003 Karsten Hopp  5.5.6-2

- rebuild

* Fri May  9 2003 Karsten Hopp  5.5.6-1

- update
- specfile fixes
          - verified that the upstream version fixes the following
bugreports:

* Wed Jan 22 2003 Tim Powers 

- rebuilt

* Sat Jan  4 2003 Jeff Johnson  5.4.7-9

- use internal dep generator.

* Mon Dec 16 2002 Tim Powers  5.4.7-8

- rebuild

* Sat Dec 14 2002 Tim Powers  5.4.7-7

- don't use rpms internal dep generator

* Fri Nov 22 2002 Tim Powers 

- fix perl paths in file list

* Thu Nov 21 2002 Tim Powers 

- lib64'ize
- don't throw stuff in /usr/X11R6, that's for X only
- remove files we aren't shipping

* Sat Aug 10 2002 Elliot Lee 

- rebuilt with gcc-3.2 (we hope)

* Tue Jul 23 2002 Tim Powers  5.4.7-4

- build using gcc-3.2-0.1

* Wed Jul  3 2002 Karsten Hopp  5.4.7-3

- fix non-cpp headers in -devel package
- fix #62157 (wrong path for include files in ImageMagick-devel)
- fix #63897 (use _target instead of _arch) in libtool workaround
- fix #65860, #65780 (tiff2ps) expands images to >10 MB Postscript
files.

* Mon Jul  1 2002 Karsten Hopp  5.4.7-1

- update
- fix localdoc patch
- fix %files section
- disable nonroot patch
- fix #62100,55950,62162,63136 (display doesn't start form gnome menu)
- fix libtool workaround
- moved Magick*-config into -devel package (#64249)

* Sun May 26 2002 Tim Powers 

- automated rebuild

* Mon May  6 2002 Bernhard Rosenkraenzer  5.4.6-1

- 5.4.6

* Thu Mar 14 2002 Bernhard Rosenkraenzer  5.4.3.11-1

- Update to pl 11

* Fri Feb 22 2002 Bernhard Rosenkraenzer  5.4.3.5-1

- Update to 5.4.3 pl5; this fixes #58080

* Thu Jan 17 2002 Bernhard Rosenkraenzer  5.4.2.3-1

- Patchlevel 3

* Wed Jan  9 2002 Tim Powers 

- automated rebuild

* Fri Jan  4 2002 Bernhard Rosenkraenzer  5.4.2.2-1

- Update to 5.4.2-2
- Fix #57923, also don't hardcode netscape as html viewer

* Wed Dec  5 2001 Bernhard Rosenkraenzer  5.4.1-1

- 5.4.1
- Link against new libstdc++

* Fri Nov  9 2001 Bernhard Rosenkraenzer  5.4.0.5-1

- 5.4.0.5
- Make the error message when trying to display an hpgl file more
  explicit (#55875)

* Mon Nov  5 2001 Bernhard Rosenkraenzer  5.4.0.3-1

- 5.4.0.3
- Fix names of man pages

* Mon Oct 22 2001 Bernhard Rosenkraenzer  5.4.0-1

- 5.4.0
- work around build system breakage causing applications to be named
  i386-redhat-linux-foo rather than foo

* Wed Sep 19 2001 Bernhard Rosenkraenzer  5.3.9-1

- 5.3.9

* Mon Aug 27 2001 Bernhard Rosenkraenzer  5.3.8-3

- Add delegates.mgk back, got lost during the update to 5.3.8 (Makefile
bug)
  (#52611)

* Mon Aug 20 2001 Bernhard Rosenkraenzer  5.3.8-2

- Remove Magick++ includes from -devel, they're already in -c++-devel
  (#51590)

* Sat Jul 28 2001 Bernhard Rosenkraenzer  5.3.8-1

- 5.3.8 (bugfix release)

* Fri Jul 27 2001 Than Ngo  5.3.7-3

- fix to build Perlmagic on s390 s390x

* Thu Jul 26 2001 Bernhard Rosenkraenzer  5.3.7-2

- Add delegates.mgk to the package (#50725)

* Tue Jul 24 2001 Bernhard Rosenkraenzer  5.3.7-1

- 5.3.7
- Fix build without previously installed ImageMagick-devel (#49816)
- Move perl bindings to a separate package.

* Mon Jul  9 2001 Bernhard Rosenkraenzer  5.3.6-2

- Fix build as non-root again
- Shut up rpmlint

* Tue Jul  3 2001 Bernhard Rosenkraenzer  5.3.6-1

- 5.3.6
- Get rid of the ia64 patch, it's no longer needed since glibc was fixed

* Sat Jun 16 2001 Than Ngo 

- update to 5.3.5
- cleanup specfile

* Sat May 19 2001 Bernhard Rosenkraenzer  5.3.3-2

- 5.3.3-respin, fixes #41196

* Tue May  1 2001 Bernhard Rosenkraenzer  5.3.3-1

- 5.3.3
- Add a desktop file for "display" (RFE#17417)

* Sun Apr 15 2001 Bernhard Rosenkraenzer 

- 5.3.2
- work around bugs in ia64 glibc headers

* Mon Jan  8 2001 Florian La Roche 

- remove patch for s390, it is not necessary

* Mon Jan  1 2001 Bernhard Rosenkraenzer 

- 5.2.7

* Wed Dec 27 2000 Bernhard Rosenkraenzer 

- 5.2.6

* Mon Dec 18 2000 Than Ngo 

- ported to s390

* Mon Sep 25 2000 Bernhard Rosenkraenzer 

- 5.2.4
- Fix up and package the C++ bindings in the new c++/c++-devel packages.

* Wed Aug  2 2000 Matt Wilson 

- rebuild against new libpng

* Wed Jul 19 2000 Nalin Dahyabhai 

- include images with docs (#10312)

* Thu Jul 13 2000 Matt Wilson 

- don't build with -ggdb, use -g instead.

* Wed Jul 12 2000 Prospector 

- automatic rebuild

* Mon Jul  3 2000 Florian La Roche 

- update to 5.2.2 beta

* Mon Jul  3 2000 Florian La Roche 

- update to 5.2.1, redone patches as they failed

* Fri Jun 30 2000 Matt Wilson 

- remove hacks to move perl man pages
- don't include the perl*/man stuff, these files go in /usr/share/man
now.

* Thu Jun 15 2000 Nalin Dahyabhai 

- disable optimization on Alpha and Sparc

* Wed Jun 14 2000 Nalin Dahyabhai 

- update to 5.2.0
- update URL
- remove redundant CXXFLAGS=$RPM_OPT_FLAGS

* Thu Jun  1 2000 Matt Wilson 

- bootstrap rebuilt to nuke broken libbz2 deps
- add Prefix: tag such that the FHS macros work properly

* Wed May 17 2000 Trond Eivind Glomsrød 

- now compiles with bzip2 1.0
- changed buildroot to include version

* Fri May  5 2000 Bill Nottingham 

- fix compilation with new perl

* Sat Mar 18 2000 Bernhard Rosenkraenzer 

- 5.1.1

* Thu Feb  3 2000 Bernhard Rosenkraenzer 

- Rebuild to get compressed man pages

* Thu Nov 18 1999 Michael K. Johnson 

- ugly hack to print with lpr instead of lp

* Mon Aug 30 1999 Bill Nottingham 

- update to 4.2.9

* Tue Aug 17 1999 Bill Nottingham 

- update to 4.2.8

* Fri Apr  9 1999 Cristian Gafton 

- include the perl man pages as well

* Tue Apr  6 1999 Michael K. Johnson 

- remove --enable-16bit because it damages interoperability

* Mon Apr  5 1999 Bill Nottingham 

- update to 4.2.2
- change ChangeLog to refer to actual dates. 
- strip binaries

* Thu Apr  1 1999 Bill Nottingham 

- add more files. Oops.

* Sun Mar 21 1999 Cristian Gafton  

- auto rebuild in the new build environment (release 2)

* Wed Mar 10 1999 Bill Nottingham 

- version 4.2.1

* Tue Jan 19 1999 Michael K. Johnson 

- changed group

* Tue Jan 19 1999 Cristian Gafton 

- hacks to make it work with the new perl
- version 4.1.0 (actually installs the sonames as 4.0.10... doh!)
- make sure the libraries have the x bit on

* Wed Jun 10 1998 Prospector System 

- translations modified for de, fr

* Thu May  7 1998 Prospector System 

- translations modified for de, fr, tr

* Tue Apr 21 1998 Cristian Gafton 

- updated to 4.0.5

* Wed Apr  8 1998 Cristian Gafton 

- updated to 4.0.4
- added BuildRoot

* Thu Oct 23 1997 Donnie Barnes 

- updated from 3.8.3 to 3.9.1
- removed PNG patch (appears to be fixed)

* Wed Oct 15 1997 Erik Troan 

- build against new libpng

* Thu Jul 10 1997 Erik Troan 

- built against glibc

* Thu Mar 20 1997 Michael Fulbright 

- updated to version 3.8.3.
- updated source and url tags.


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

46b14afaa77e928fe2fbf1c2c047e9ea
SRPMS/ImageMagick-6.2.2.0-2.fc3.src.rpm
07e9e9d2f9123fba807fab1398399163
x86_64/ImageMagick-6.2.2.0-2.fc3.x86_64.rpm
efd42bedf624a83b7df01e42de4bcb96
x86_64/ImageMagick-devel-6.2.2.0-2.fc3.x86_64.rpm
e2f42d6981e47a92e12362c60c14df3c
x86_64/ImageMagick-perl-6.2.2.0-2.fc3.x86_64.rpm
12837fe4956673b1ca47bb3e45822b3b  x86_64/ImageMagick-c
++-6.2.2.0-2.fc3.x86_64.rpm
8e49f207d357e33b2e61b3897bfff2e6  x86_64/ImageMagick-c
++-devel-6.2.2.0-2.fc3.x86_64.rpm
61166b3493c37ffaf10d4169d9013431
x86_64/debug/ImageMagick-debuginfo-6.2.2.0-2.fc3.x86_64.rpm
976ef84343dc5ba0479ce26c369b194d
x86_64/ImageMagick-6.2.2.0-2.fc3.i386.rpm
2055ce7eba6f4d4fd7a5db380b4138ee  x86_64/ImageMagick-c
++-6.2.2.0-2.fc3.i386.rpm
976ef84343dc5ba0479ce26c369b194d
i386/ImageMagick-6.2.2.0-2.fc3.i386.rpm
53c566457dbaa5aaf80e7a47cd2a276e
i386/ImageMagick-devel-6.2.2.0-2.fc3.i386.rpm
63f59703fac536b2d19fdafae184fc99
i386/ImageMagick-perl-6.2.2.0-2.fc3.i386.rpm
2055ce7eba6f4d4fd7a5db380b4138ee  i386/ImageMagick-c
++-6.2.2.0-2.fc3.i386.rpm
042eaecb9e5657407e5312ede3169fa9  i386/ImageMagick-c
++-devel-6.2.2.0-2.fc3.i386.rpm
339baf891ba0a0b32d113acc6be5832e
i386/debug/ImageMagick-debuginfo-6.2.2.0-2.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.