Security Advisory: ImageMagick security update

Advisory: RHSA-2004:636-03
Type: Security Advisory
Severity: Important
Issued on: 2004-12-08
Last updated on: 2004-12-08
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0827
CVE-2004-0981

Details

Updated ImageMagick packages that fix a buffer overflow are now available.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.

David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ImageMagick-5.5.6-7.src.rpm     0eca5e4139fabef268b8b94405406037
 
IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    1b048cef4ad7d7f80fe6b174304efd2f
 
x86_64:
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    66699a74e16e141df285f25146da7a43
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ImageMagick-5.3.8-6.src.rpm     04d666060f01521d9fea24742a3f5439
 
IA-32:
ImageMagick-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    49dfa73a8b65db1b71604ff7dbed85b8
ImageMagick-c++-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    e1e68b14d6c637bfa9525accb884b4cb
ImageMagick-c++-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    4fda06f1279142275c0e3f1365888590
ImageMagick-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    852ce90eaa8d702e4e3c0a74b4b8ae7a
ImageMagick-perl-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    5e35ecce0aeb39bcdcab5d307e6a289d
 
IA-64:
ImageMagick-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    9eebb430cc2782bf8779c2b6c1ac9330
ImageMagick-c++-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    03597330fda5d808c67f7e9217e6cd99
ImageMagick-c++-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    9a2b3cde42826d541dc25cc18b6fef82
ImageMagick-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    3ef246ab1ead8e4ac34d5fb600ba6e11
ImageMagick-perl-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    0f8b492a2e35876487a18cb34717530f
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ImageMagick-5.5.6-7.src.rpm     0eca5e4139fabef268b8b94405406037
 
IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    1b048cef4ad7d7f80fe6b174304efd2f
 
IA-64:
ImageMagick-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    e9d6b12d49f82587079d8630288d5c21
ImageMagick-c++-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    76c2730209f2a419d77dcc6228bce775
ImageMagick-c++-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    ad56120694232886525cf73e78059d70
ImageMagick-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    5540e68ca6ad478f0c06747e0b0af6a9
ImageMagick-perl-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    f5d26f006e80d29379611fe429a057a5
 
PPC:
ImageMagick-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    90facda803fb447e862d754a0f773a24
ImageMagick-c++-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    1f7dd0b886fc4dd81f83d203cf125e1c
ImageMagick-c++-devel-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    1b005351b9db9d7882bfb636d4c31d18
ImageMagick-devel-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    a30586353d6bb70020ed3df263f1a497
ImageMagick-perl-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    4f2d299fb4fb9831513136d8e56ec8f9
 
s390:
ImageMagick-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    7acdb99fdb3735bec4b5deaffe48638f
ImageMagick-c++-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    744ad5fe4fcdd1931e6a29acf52c126b
ImageMagick-c++-devel-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    cfb51a057018d71a439067395835434d
ImageMagick-devel-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    49aa63d472ea09bb054cd05907941f40
ImageMagick-perl-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    fb355cd7d24232761a23231c00f9ceef
 
s390x:
ImageMagick-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    2c986024e9a51e4cef1157260efebc28
ImageMagick-c++-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    1be22c2e7138567cd9b37f727e1eb2ad
ImageMagick-c++-devel-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    557aa610b7be1d2ef6670cada21631de
ImageMagick-devel-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    74535eac90406854a4d16432b33d9ef2
ImageMagick-perl-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    1120d649cfe4b12886a402280fd50b20
 
x86_64:
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    66699a74e16e141df285f25146da7a43
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
ImageMagick-5.3.8-6.src.rpm     04d666060f01521d9fea24742a3f5439
 
IA-32:
ImageMagick-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    49dfa73a8b65db1b71604ff7dbed85b8
ImageMagick-c++-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    e1e68b14d6c637bfa9525accb884b4cb
ImageMagick-c++-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    4fda06f1279142275c0e3f1365888590
ImageMagick-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    852ce90eaa8d702e4e3c0a74b4b8ae7a
ImageMagick-perl-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    5e35ecce0aeb39bcdcab5d307e6a289d
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ImageMagick-5.5.6-7.src.rpm     0eca5e4139fabef268b8b94405406037
 
IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    1b048cef4ad7d7f80fe6b174304efd2f
 
IA-64:
ImageMagick-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    e9d6b12d49f82587079d8630288d5c21
ImageMagick-c++-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    76c2730209f2a419d77dcc6228bce775
ImageMagick-c++-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    ad56120694232886525cf73e78059d70
ImageMagick-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    5540e68ca6ad478f0c06747e0b0af6a9
ImageMagick-perl-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    f5d26f006e80d29379611fe429a057a5
 
x86_64:
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    66699a74e16e141df285f25146da7a43
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
ImageMagick-5.3.8-6.src.rpm     04d666060f01521d9fea24742a3f5439
 
IA-32:
ImageMagick-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    49dfa73a8b65db1b71604ff7dbed85b8
ImageMagick-c++-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    e1e68b14d6c637bfa9525accb884b4cb
ImageMagick-c++-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    4fda06f1279142275c0e3f1365888590
ImageMagick-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    852ce90eaa8d702e4e3c0a74b4b8ae7a
ImageMagick-perl-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    5e35ecce0aeb39bcdcab5d307e6a289d
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ImageMagick-5.5.6-7.src.rpm     0eca5e4139fabef268b8b94405406037
 
IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    1b048cef4ad7d7f80fe6b174304efd2f
 
IA-64:
ImageMagick-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    e9d6b12d49f82587079d8630288d5c21
ImageMagick-c++-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    76c2730209f2a419d77dcc6228bce775
ImageMagick-c++-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    ad56120694232886525cf73e78059d70
ImageMagick-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    5540e68ca6ad478f0c06747e0b0af6a9
ImageMagick-perl-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    f5d26f006e80d29379611fe429a057a5
 
x86_64:
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    66699a74e16e141df285f25146da7a43
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
ImageMagick-5.3.8-6.src.rpm     04d666060f01521d9fea24742a3f5439
 
IA-64:
ImageMagick-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    9eebb430cc2782bf8779c2b6c1ac9330
ImageMagick-c++-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    03597330fda5d808c67f7e9217e6cd99
ImageMagick-c++-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    9a2b3cde42826d541dc25cc18b6fef82
ImageMagick-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    3ef246ab1ead8e4ac34d5fb600ba6e11
ImageMagick-perl-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    0f8b492a2e35876487a18cb34717530f
 
(The unlinked packages above are only available from the Red Hat Network)
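
The listing above can be turned into a checksum manifest for checking downloaded files. The following is an added example, not Red Hat code; the names `parse_listing` and `check_download` are assumptions, and the sample text is a constructed excerpt using lines copied from the listing.

```python
import hashlib
import re

# Constructed sample: lines copied from the package listing above.
SAMPLE = """\
Red Hat Desktop (v. 3)
SRPMS:
ImageMagick-5.5.6-7.src.rpm     0eca5e4139fabef268b8b94405406037
IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    9647bd23372123be8453f3ea2411b9d9
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    1b048cef4ad7d7f80fe6b174304efd2f
"""

RPM = re.compile(r"^(\S+\.rpm)(?:\s+([0-9a-f]{32}))?$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
OUTDATED = re.compile(r"^File outdated by:\s*(\S+)$")


def parse_listing(text):
    """Return {filename: {"md5": ..., "outdated_by": ...}} from the listing."""
    manifest, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RPM.match(line):
            current = m.group(1)  # SRPMS rows carry the digest on the same line
            manifest[current] = {"md5": m.group(2), "outdated_by": None}
        elif current and (m := OUTDATED.match(line)):
            manifest[current]["outdated_by"] = m.group(1)
        elif current and MD5.match(line):
            manifest[current]["md5"] = line
        elif line:
            current = None  # a product or architecture heading ends the record
    return manifest


def check_download(name, data, manifest):
    """Classify a downloaded file's bytes against the parsed manifest."""
    entry = manifest.get(name)
    if entry is None or entry["md5"] is None:
        return "unlisted"
    if hashlib.md5(data).hexdigest() != entry["md5"]:
        return "mismatch"
    return "superseded" if entry["outdated_by"] else "ok"
```

A matching MD5 only shows that the file agrees with this listing; authenticity comes from the GPG signature mentioned below, which `rpm --checksig` verifies. A `superseded` result means the listing marks the file as outdated by a later advisory, so the newer erratum is the one to install.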

Bugs fixed (see bugzilla for more information)

130807 - CAN-2004-0827 heap overflow in BMP decoder
138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/