Slackware: imagemagick Buffer overflow vulnerabilities
Posted by LinuxSecurity.com Team   
Slackware This imagemagick patch fixes issues with PNG images.

[slackware-security]  imagemagick (SSA:2004-223-02)

New imagemagick packages are available for Slackware 9.1, 10.0,
and -current to fix security issues with PNG images.

More details about the issues with PNG may be found in the Common
Vulnerabilities and Exposures (CVE) database:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Sat Aug  7 17:17:20 AKDT 2004
patches/packages/imagemagick-6.0.4_3-i486-1.tgz:  Upgraded to
  ImageMagick-6.0.4-3.  Fixes PNG security issues.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 9.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/imagemagick-5.5.7_25-i486-1.tgz

Updated package for Slackware 10.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/imagemagick-6.0.4_3-i486-1.tgz

Updated package for Slackware -current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/imagemagick-6.0.4_3-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 9.1 package:
52903d349dcbaf3be88d19c8aa05dbbf  imagemagick-5.5.7_25-i486-1.tgz

Slackware 10.0 package:
ad5531a33331029dcc7013b72f8ec792  imagemagick-6.0.4_3-i486-1.tgz

Slackware -current package:
ad5531a33331029dcc7013b72f8ec792  imagemagick-6.0.4_3-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg imagemagick-6.0.4_3-i486-1.tgz


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com