RedHat: Moderate: ImageMagick security update
Posted by Benjamin D. Thomas   
Updated ImageMagick packages that fix two heap-based buffer overflows (in the PSD and SGI readers), a format string flaw in filename handling, and several crash bugs in the TIFF and PSD readers are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ImageMagick security update
Advisory ID:       RHSA-2005:070-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-070.html
Issue date:        2005-03-23
Updated on:        2005-03-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0005 CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0761 CAN-2005-0762
- ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix two heap-based buffer overflows (in
the PSD and SGI readers), a format string flaw in filename handling, and
several crash bugs in the TIFF and PSD readers are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

ImageMagick is an image display and manipulation tool for the X Window
System.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim's machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.
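The bug class behind CAN-2005-0397, shown as an added example rather than ImageMagick's own code or its actual patch: a hypothetical error-reporting helper that takes a printf-style format, first misused with the attacker-controlled filename as the format string, then with a literal format and the filename passed as data. The helper `emit`, the `open_failure_message_*` functions, the `filename_contains_directive` guard and the message text are all invented for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 256

/* Hypothetical message helper of the kind an image library uses to
 * report errors: printf-style format plus varargs into a caller buffer.
 * It carries no format attribute, which is exactly why the compiler
 * cannot warn about the misuse below. */
static int emit(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

static char g_msg[MSG_SIZE];   /* shared output buffer; fine for a demo */

/* VULNERABLE: the filename itself becomes the format string. A name such
 * as "%x%x%x" makes vsnprintf read argument slots that were never passed
 * (leaking stack contents), and "%n" makes it write a byte count through
 * a pointer taken from the stack, which is the route to code execution.
 * Shown for comparison only; the demo never feeds it hostile input. */
const char *open_failure_message_vulnerable(const char *filename)
{
    emit(g_msg, sizeof g_msg, filename);
    return g_msg;
}

/* FIXED: the format is a literal and the filename is consumed by %s as
 * data, so any directives it carries are copied through unchanged. */
const char *open_failure_message_fixed(const char *filename)
{
    emit(g_msg, sizeof g_msg, "unable to open image `%s'", filename);
    return g_msg;
}

/* Extra guard for input paths that cannot be fully audited: flag names
 * containing '%' before they reach any formatting routine. This is a
 * hypothetical policy, not something the advisory prescribes; tools that
 * accept "%d" frame templates in filenames cannot use it as-is. */
int filename_contains_directive(const char *filename)
{
    return strchr(filename, '%') != NULL;
}

int main(void)
{
    const char *hostile = "%x%x%x%n";
    printf("fixed:      %s\n", open_failure_message_fixed(hostile));
    printf("vulnerable: %s\n", open_failure_message_vulnerable("photo.png"));
    printf("directive:  %d\n", filename_contains_directive(hostile));
    return 0;
}
```

In code you maintain, gcc's -Wformat -Wformat-security flags a non-literal format with no arguments, but only for functions the compiler knows are printf-like; a wrapper such as `emit` is invisible to that check unless it is declared with `__attribute__((format(printf, 3, 4)))`.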

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0759 to this issue.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick's SGI parser.  It is possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0762 to
this issue.
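How a heap overflow of the kind described for the PSD and SGI readers arises from a trusted header, as an added example that is not ImageMagick's code: a deliberately tiny raster format whose header declares width, height and channel count is sized once the vulnerable way (32-bit arithmetic on header fields, with no comparison against what the file actually contains) and once with the checks a hardened reader needs. The format, its `IMG1` magic, the dimension limit and every function name are invented for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout: "IMG1", width u32 big-endian, height u32 big-endian,
 * channels u8, then width*height*channels bytes of pixel data. */
#define HDR_LEN 13
#define MAX_DIM 65535u   /* per-dimension policy limit for this example */

struct image { uint32_t width, height; unsigned channels; unsigned char *pixels; };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* VULNERABLE size computation: the product is formed in 32 bits, so a
 * header claiming 65536 x 65536 x 1 yields 0. A reader that then does
 * malloc(0) and copies the rows the header promised writes past the end
 * of the heap allocation. */
uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h, uint32_t ch)
{
    return w * h * ch;
}

/* FIXED: bound each dimension first so the 64-bit product cannot wrap,
 * and report failure (0) for anything outside policy. */
int pixel_bytes_checked(uint32_t w, uint32_t h, unsigned ch, uint64_t *out)
{
    if (w == 0 || h == 0 || ch == 0 || ch > 4) return 0;
    if (w > MAX_DIM || h > MAX_DIM) return 0;
    *out = (uint64_t)w * h * ch;   /* at most 65535*65535*4, well under 2^35 */
    return 1;
}

/* Hardened loader: validates magic and header, sizes the buffer from
 * checked arithmetic, and refuses any header that claims more pixel data
 * than the file holds. Returns 0 on success (caller frees img->pixels),
 * -1 on rejection. */
int load_image_checked(const unsigned char *buf, size_t len, struct image *img)
{
    uint64_t need;
    if (len < HDR_LEN || memcmp(buf, "IMG1", 4) != 0) return -1;
    img->width = be32(buf + 4);
    img->height = be32(buf + 8);
    img->channels = buf[12];
    if (!pixel_bytes_checked(img->width, img->height, img->channels, &need)) return -1;
    if (need > len - HDR_LEN) return -1;   /* header promises more than the file has */
    img->pixels = malloc((size_t)need);
    if (img->pixels == NULL) return -1;
    memcpy(img->pixels, buf + HDR_LEN, (size_t)need);
    return 0;
}

/* Constructed sample inputs: a valid 2x2 RGB image and a crafted header
 * claiming 65536 x 65536 x 1 pixels backed by a single byte. */
static const unsigned char GOOD_IMAGE[] = {
    'I','M','G','1', 0,0,0,2, 0,0,0,2, 3,
    1,2,3, 4,5,6, 7,8,9, 10,11,12 };
static const unsigned char CRAFTED_IMAGE[] = {
    'I','M','G','1', 0,1,0,0, 0,1,0,0, 1,
    0xff };

int load_good_sample(void)
{
    struct image im;
    int r = load_image_checked(GOOD_IMAGE, sizeof GOOD_IMAGE, &im);
    if (r == 0) free(im.pixels);
    return r;
}

int load_crafted_sample(void)
{
    struct image im;
    return load_image_checked(CRAFTED_IMAGE, sizeof CRAFTED_IMAGE, &im);
}

int main(void)
{
    uint64_t n = 0;
    printf("unchecked 65536x65536x1 -> %u bytes\n",
           (unsigned)pixel_bytes_unchecked(65536u, 65536u, 1u));
    printf("checked   65536x65536x1 -> %s\n",
           pixel_bytes_checked(65536u, 65536u, 1, &n) ? "accepted" : "rejected");
    printf("good sample: %d, crafted sample: %d\n",
           load_good_sample(), load_crafted_sample());
    return 0;
}
```

The order of the checks matters: dimensions are bounded before they are multiplied, and the product is compared with the real payload length before it is ever narrowed to size_t or handed to malloc, so a header can neither wrap the allocation size nor drive a copy beyond the bytes that were actually read.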

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

Afterwards, rpm -q ImageMagick should report release 5.3.8-10 on the
version 2.1 products and 5.5.6-13 on the version 3 products listed
below; an older release means the update has not been applied.

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145111 - CAN-2005-0005 buffer overflow in ImageMagick
150185 - CAN-2005-0397 ImageMagick format string flaw
150312 - CAN-2005-0759 Denial of Service in .tiff images with invalid TAG
150315 - CAN-2005-0760 Accessing memory outside of image during decoding of TIFF
150323 - CAN-2005-0761 Bug in parsing PSD files
150327 - CAN-2005-0762 Buffer overflow in SGI parser

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm
7ea876dd7ef145131e227b93c9477c3c  ImageMagick-5.3.8-10.src.rpm

i386:
e79b17a0964f3242afe48ea977cba811  ImageMagick-5.3.8-10.i386.rpm
e613edc5a641b2826a17a014d23b561d  ImageMagick-c++-5.3.8-10.i386.rpm
73699f8ab694fc27c901dd4b24c9bbd6  ImageMagick-c++-devel-5.3.8-10.i386.rpm
208653fea7be46c37dedb8f335d9bd29  ImageMagick-devel-5.3.8-10.i386.rpm
dfef04e0cc1b1e411a79e67b03b905ac  ImageMagick-perl-5.3.8-10.i386.rpm

ia64:
de0ab5db6c53da4abc76ef97fd0983ec  ImageMagick-5.3.8-10.ia64.rpm
dc987dc03c1aba45a59051c59db887e0  ImageMagick-c++-5.3.8-10.ia64.rpm
313eab6adc60421b639c2cf76714f55a  ImageMagick-c++-devel-5.3.8-10.ia64.rpm
e964030f316ac822f1749352fa38a225  ImageMagick-devel-5.3.8-10.ia64.rpm
12124b283bc60518963483d957f71fb1  ImageMagick-perl-5.3.8-10.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm
7ea876dd7ef145131e227b93c9477c3c  ImageMagick-5.3.8-10.src.rpm

ia64:
de0ab5db6c53da4abc76ef97fd0983ec  ImageMagick-5.3.8-10.ia64.rpm
dc987dc03c1aba45a59051c59db887e0  ImageMagick-c++-5.3.8-10.ia64.rpm
313eab6adc60421b639c2cf76714f55a  ImageMagick-c++-devel-5.3.8-10.ia64.rpm
e964030f316ac822f1749352fa38a225  ImageMagick-devel-5.3.8-10.ia64.rpm
12124b283bc60518963483d957f71fb1  ImageMagick-perl-5.3.8-10.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm
7ea876dd7ef145131e227b93c9477c3c  ImageMagick-5.3.8-10.src.rpm

i386:
e79b17a0964f3242afe48ea977cba811  ImageMagick-5.3.8-10.i386.rpm
e613edc5a641b2826a17a014d23b561d  ImageMagick-c++-5.3.8-10.i386.rpm
73699f8ab694fc27c901dd4b24c9bbd6  ImageMagick-c++-devel-5.3.8-10.i386.rpm
208653fea7be46c37dedb8f335d9bd29  ImageMagick-devel-5.3.8-10.i386.rpm
dfef04e0cc1b1e411a79e67b03b905ac  ImageMagick-perl-5.3.8-10.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-10.src.rpm
7ea876dd7ef145131e227b93c9477c3c  ImageMagick-5.3.8-10.src.rpm

i386:
e79b17a0964f3242afe48ea977cba811  ImageMagick-5.3.8-10.i386.rpm
e613edc5a641b2826a17a014d23b561d  ImageMagick-c++-5.3.8-10.i386.rpm
73699f8ab694fc27c901dd4b24c9bbd6  ImageMagick-c++-devel-5.3.8-10.i386.rpm
208653fea7be46c37dedb8f335d9bd29  ImageMagick-devel-5.3.8-10.i386.rpm
dfef04e0cc1b1e411a79e67b03b905ac  ImageMagick-perl-5.3.8-10.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm
c9df74ebf9e921c9a254015e9a60da68  ImageMagick-5.5.6-13.src.rpm

i386:
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
571d4b8252cd09388e811dab7b7d420a  ImageMagick-c++-devel-5.5.6-13.i386.rpm
d52da9fea241e7069834e43870d6e305  ImageMagick-devel-5.5.6-13.i386.rpm
0c410c10953a8641a2c58cdd79590318  ImageMagick-perl-5.5.6-13.i386.rpm

ia64:
57266d92716e2e72c4758df06c7078b1  ImageMagick-5.5.6-13.ia64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
97caf495f60b7d27b2da35e17d91b806  ImageMagick-c++-5.5.6-13.ia64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
439e8b7a4c60e7a8d3f21438aa400667  ImageMagick-c++-devel-5.5.6-13.ia64.rpm
50f8e9f478f5888153ddc4a5542250b0  ImageMagick-devel-5.5.6-13.ia64.rpm
99c88878747e363fcb12ba1edb15bb76  ImageMagick-perl-5.5.6-13.ia64.rpm

ppc:
f5c8817d0a4c7cfc309ffc91f88536cf  ImageMagick-5.5.6-13.ppc.rpm
9d50784dc7ba6f7442d91d19d4ced50d  ImageMagick-5.5.6-13.ppc64.rpm
6ec612e90b6a29e49fc9dad40632e05b  ImageMagick-c++-5.5.6-13.ppc.rpm
4307b341167d18b89ec07477044da9cf  ImageMagick-c++-5.5.6-13.ppc64.rpm
2a110d90ccf8fe7de4f7c21c95076d8a  ImageMagick-c++-devel-5.5.6-13.ppc.rpm
b7497b642ca0781a97ada5078d8c82d3  ImageMagick-devel-5.5.6-13.ppc.rpm
f50e182783d0fe2a316e44f77813501f  ImageMagick-perl-5.5.6-13.ppc.rpm

s390:
ffdc5754ae7f12c66b1f4dba743678df  ImageMagick-5.5.6-13.s390.rpm
5ab787e7742193fd5ab09d70306afda1  ImageMagick-c++-5.5.6-13.s390.rpm
fa6a3166f01de5e3af7f6dffa4c61378  ImageMagick-c++-devel-5.5.6-13.s390.rpm
a4efd895558315a4b37b977c07e392c2  ImageMagick-devel-5.5.6-13.s390.rpm
8ef03012a946a11d29c8990d782f5160  ImageMagick-perl-5.5.6-13.s390.rpm

s390x:
29cb46983c1f8e6efe0663b0a2b8a6d4  ImageMagick-5.5.6-13.s390x.rpm
ffdc5754ae7f12c66b1f4dba743678df  ImageMagick-5.5.6-13.s390.rpm
68fba7343df00dad18bfd44da9fd86fc  ImageMagick-c++-5.5.6-13.s390x.rpm
5ab787e7742193fd5ab09d70306afda1  ImageMagick-c++-5.5.6-13.s390.rpm
b2856e4eea04fc5113213361ae38e492  ImageMagick-c++-devel-5.5.6-13.s390x.rpm
159972f15e0e249ab2ef742400f7fedd  ImageMagick-devel-5.5.6-13.s390x.rpm
aabd863febeffaafb913d0513f9152c4  ImageMagick-perl-5.5.6-13.s390x.rpm

x86_64:
d4e3cfc3f690b5f0a96660eb8f15857f  ImageMagick-5.5.6-13.x86_64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
aabcec7ef0e8545b170a86246114bc64  ImageMagick-c++-5.5.6-13.x86_64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
70e707a934f7c674180d144dc54750c7  ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
3a17b125eb8909661f2d0790c788cf4b  ImageMagick-devel-5.5.6-13.x86_64.rpm
9581f193326fb69a826aba2db00c6d98  ImageMagick-perl-5.5.6-13.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm
c9df74ebf9e921c9a254015e9a60da68  ImageMagick-5.5.6-13.src.rpm

i386:
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
571d4b8252cd09388e811dab7b7d420a  ImageMagick-c++-devel-5.5.6-13.i386.rpm
d52da9fea241e7069834e43870d6e305  ImageMagick-devel-5.5.6-13.i386.rpm
0c410c10953a8641a2c58cdd79590318  ImageMagick-perl-5.5.6-13.i386.rpm

x86_64:
d4e3cfc3f690b5f0a96660eb8f15857f  ImageMagick-5.5.6-13.x86_64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
aabcec7ef0e8545b170a86246114bc64  ImageMagick-c++-5.5.6-13.x86_64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
70e707a934f7c674180d144dc54750c7  ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
3a17b125eb8909661f2d0790c788cf4b  ImageMagick-devel-5.5.6-13.x86_64.rpm
9581f193326fb69a826aba2db00c6d98  ImageMagick-perl-5.5.6-13.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm
c9df74ebf9e921c9a254015e9a60da68  ImageMagick-5.5.6-13.src.rpm

i386:
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
571d4b8252cd09388e811dab7b7d420a  ImageMagick-c++-devel-5.5.6-13.i386.rpm
d52da9fea241e7069834e43870d6e305  ImageMagick-devel-5.5.6-13.i386.rpm
0c410c10953a8641a2c58cdd79590318  ImageMagick-perl-5.5.6-13.i386.rpm

ia64:
57266d92716e2e72c4758df06c7078b1  ImageMagick-5.5.6-13.ia64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
97caf495f60b7d27b2da35e17d91b806  ImageMagick-c++-5.5.6-13.ia64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
439e8b7a4c60e7a8d3f21438aa400667  ImageMagick-c++-devel-5.5.6-13.ia64.rpm
50f8e9f478f5888153ddc4a5542250b0  ImageMagick-devel-5.5.6-13.ia64.rpm
99c88878747e363fcb12ba1edb15bb76  ImageMagick-perl-5.5.6-13.ia64.rpm

x86_64:
d4e3cfc3f690b5f0a96660eb8f15857f  ImageMagick-5.5.6-13.x86_64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
aabcec7ef0e8545b170a86246114bc64  ImageMagick-c++-5.5.6-13.x86_64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
70e707a934f7c674180d144dc54750c7  ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
3a17b125eb8909661f2d0790c788cf4b  ImageMagick-devel-5.5.6-13.x86_64.rpm
9581f193326fb69a826aba2db00c6d98  ImageMagick-perl-5.5.6-13.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-13.src.rpm
c9df74ebf9e921c9a254015e9a60da68  ImageMagick-5.5.6-13.src.rpm

i386:
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
571d4b8252cd09388e811dab7b7d420a  ImageMagick-c++-devel-5.5.6-13.i386.rpm
d52da9fea241e7069834e43870d6e305  ImageMagick-devel-5.5.6-13.i386.rpm
0c410c10953a8641a2c58cdd79590318  ImageMagick-perl-5.5.6-13.i386.rpm

ia64:
57266d92716e2e72c4758df06c7078b1  ImageMagick-5.5.6-13.ia64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
97caf495f60b7d27b2da35e17d91b806  ImageMagick-c++-5.5.6-13.ia64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
439e8b7a4c60e7a8d3f21438aa400667  ImageMagick-c++-devel-5.5.6-13.ia64.rpm
50f8e9f478f5888153ddc4a5542250b0  ImageMagick-devel-5.5.6-13.ia64.rpm
99c88878747e363fcb12ba1edb15bb76  ImageMagick-perl-5.5.6-13.ia64.rpm

x86_64:
d4e3cfc3f690b5f0a96660eb8f15857f  ImageMagick-5.5.6-13.x86_64.rpm
e96c043b59ad808214398d62765884b3  ImageMagick-5.5.6-13.i386.rpm
aabcec7ef0e8545b170a86246114bc64  ImageMagick-c++-5.5.6-13.x86_64.rpm
ca5a5de88dbce63e4b68d0813dd0aa0b  ImageMagick-c++-5.5.6-13.i386.rpm
70e707a934f7c674180d144dc54750c7  ImageMagick-c++-devel-5.5.6-13.x86_64.rpm
3a17b125eb8909661f2d0790c788cf4b  ImageMagick-devel-5.5.6-13.x86_64.rpm
9581f193326fb69a826aba2db00c6d98  ImageMagick-perl-5.5.6-13.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

The MD5 sums listed above only confirm that a download arrived intact;
the GPG signature (checked with rpm --checksig once the Red Hat key has
been imported) is what authenticates the packages, so verify it before
installing.

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0762

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.