Skip to navigation

Security Advisory ImageMagick security update

Advisory: RHSA-2004:480-05
Type: Security Advisory
Severity: Important
Issued on: 2004-10-20
Last updated on: 2004-10-20
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0827

Details

Updated ImageMagick packages that fix a BMP loader vulnerability are now
available.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A heap overflow flaw has been discovered in the ImageMagick image handler.
An attacker could create a carefully crafted BMP file in such a way that it
could cause ImageMagick to execute arbitrary code when processing the
image. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0827 to this issue.

Users of ImageMagick should upgrade to this updated package, which contains
a backported patch, and is not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
 
IA-32:
ImageMagick-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 10ce65b271a96aa9936dde261101950f
ImageMagick-c++-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 77116e9d76af4794f483762d9f20e4ea
ImageMagick-c++-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 57ec4d864f39319124aec5f5e4b43280
ImageMagick-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: ae1f3e70590fffb590956d8fdce9bfcc
ImageMagick-perl-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9d5f480fdd133748dcddc33a763d490f
 
x86_64:
ImageMagick-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ac2398a57cf51e8a69dd8c5390f59ff9
ImageMagick-c++-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 16d4ae779d2ef69aea9d863725022a21
ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 30c42ec86f195228c268c24001f45c9a
ImageMagick-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b1f941d2a971a417d858ff32f188bf6c
ImageMagick-perl-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 4dea1aa57f513c5e84c3900d455a4637
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
 
IA-32:
ImageMagick-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 10ce65b271a96aa9936dde261101950f
ImageMagick-c++-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 77116e9d76af4794f483762d9f20e4ea
ImageMagick-c++-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 57ec4d864f39319124aec5f5e4b43280
ImageMagick-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: ae1f3e70590fffb590956d8fdce9bfcc
ImageMagick-perl-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9d5f480fdd133748dcddc33a763d490f
 
IA-64:
ImageMagick-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: e20e8750e25c70bbb816e927f630c267
ImageMagick-c++-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 3116fc8ca9bd813065000825ab3a1bad
ImageMagick-c++-devel-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b5dc78df650c171dea8e962c79b1efe0
ImageMagick-devel-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f65e3ce07d6b67d238f5a85ab020885f
ImageMagick-perl-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 09f10be40bd9a88f7e0ff6d59e34e70f
 
PPC:
ImageMagick-5.5.6-6.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 46f51cb3c082370bd2f1b9af9415ad7a
ImageMagick-c++-5.5.6-6.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 03f63acc78df42657e6891077d3467f1
ImageMagick-c++-devel-5.5.6-6.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 09fe58f083ffa8e2941202821c0534b5
ImageMagick-devel-5.5.6-6.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 33df253831ce0cd8708afc20f589abbd
ImageMagick-perl-5.5.6-6.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 61477cb1d82fd9079254b995aca7e678
 
s390:
ImageMagick-5.5.6-6.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 757608ce8939fe166074c93913c7b8a2
ImageMagick-c++-5.5.6-6.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: af8965782a23f7d484df3293eb214c0d
ImageMagick-c++-devel-5.5.6-6.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 00c94923b096cf548592ed6f6f16f745
ImageMagick-devel-5.5.6-6.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: c07a76f6457cb277518c17c64d074321
ImageMagick-perl-5.5.6-6.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9faafb72664e87bb2f191fc60fad75b5
 
s390x:
ImageMagick-5.5.6-6.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 55a76a77830de834060f039cc176e4cd
ImageMagick-c++-5.5.6-6.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 8ccdb45d34ff40712ab9f6d0a19fbe86
ImageMagick-c++-devel-5.5.6-6.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: e7eb1807788551defe5f50df2763fce1
ImageMagick-devel-5.5.6-6.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: c74e048ac339446226b5f7c6d76b97f5
ImageMagick-perl-5.5.6-6.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: e05b50851348d5c370901e7d2f3d16e4
 
x86_64:
ImageMagick-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ac2398a57cf51e8a69dd8c5390f59ff9
ImageMagick-c++-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 16d4ae779d2ef69aea9d863725022a21
ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 30c42ec86f195228c268c24001f45c9a
ImageMagick-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b1f941d2a971a417d858ff32f188bf6c
ImageMagick-perl-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 4dea1aa57f513c5e84c3900d455a4637
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
 
IA-32:
ImageMagick-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 10ce65b271a96aa9936dde261101950f
ImageMagick-c++-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 77116e9d76af4794f483762d9f20e4ea
ImageMagick-c++-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 57ec4d864f39319124aec5f5e4b43280
ImageMagick-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: ae1f3e70590fffb590956d8fdce9bfcc
ImageMagick-perl-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9d5f480fdd133748dcddc33a763d490f
 
IA-64:
ImageMagick-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: e20e8750e25c70bbb816e927f630c267
ImageMagick-c++-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 3116fc8ca9bd813065000825ab3a1bad
ImageMagick-c++-devel-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b5dc78df650c171dea8e962c79b1efe0
ImageMagick-devel-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f65e3ce07d6b67d238f5a85ab020885f
ImageMagick-perl-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 09f10be40bd9a88f7e0ff6d59e34e70f
 
x86_64:
ImageMagick-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ac2398a57cf51e8a69dd8c5390f59ff9
ImageMagick-c++-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 16d4ae779d2ef69aea9d863725022a21
ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 30c42ec86f195228c268c24001f45c9a
ImageMagick-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b1f941d2a971a417d858ff32f188bf6c
ImageMagick-perl-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 4dea1aa57f513c5e84c3900d455a4637
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
ImageMagick-5.5.6-6.src.rpm
File outdated by:  RHSA-2008:0145
    MD5: 045e0e91f0ed8f8dec140bf3747b4077
 
IA-32:
ImageMagick-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 10ce65b271a96aa9936dde261101950f
ImageMagick-c++-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 77116e9d76af4794f483762d9f20e4ea
ImageMagick-c++-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 57ec4d864f39319124aec5f5e4b43280
ImageMagick-devel-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: ae1f3e70590fffb590956d8fdce9bfcc
ImageMagick-perl-5.5.6-6.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9d5f480fdd133748dcddc33a763d490f
 
IA-64:
ImageMagick-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: e20e8750e25c70bbb816e927f630c267
ImageMagick-c++-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 3116fc8ca9bd813065000825ab3a1bad
ImageMagick-c++-devel-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b5dc78df650c171dea8e962c79b1efe0
ImageMagick-devel-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f65e3ce07d6b67d238f5a85ab020885f
ImageMagick-perl-5.5.6-6.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 09f10be40bd9a88f7e0ff6d59e34e70f
 
x86_64:
ImageMagick-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ac2398a57cf51e8a69dd8c5390f59ff9
ImageMagick-c++-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 16d4ae779d2ef69aea9d863725022a21
ImageMagick-c++-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 30c42ec86f195228c268c24001f45c9a
ImageMagick-devel-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: b1f941d2a971a417d858ff32f188bf6c
ImageMagick-perl-5.5.6-6.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 4dea1aa57f513c5e84c3900d455a4637
 

Bugs fixed (see bugzilla for more information)

130807 - CAN-2004-0827 heap overflow in BMP decoder


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/