Moderate: ImageMagick security and bug fix update
| Advisory: | RHSA-2010:0652-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2010-08-25 |
| Last updated on: | 2010-08-25 |
| Affected Products: | RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) |
| CVEs (cve.mitre.org): |
CVE-2009-1882 |
Details
Updated ImageMagick packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)
This update also fixes the following bug:
* previously, portions of certain RGB images on the right side were not
rendered and left black when converting or displaying them. With this
update, RGB images display correctly. (BZ#625058)
Users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| RHEL Desktop Workstation (v. 5 client) | |
| SRPMS: | |
| ImageMagick-6.2.8.0-4.el5_5.2.src.rpm File outdated by: RHBA-2010:0784 |
MD5: 73d51b6ef34929e485635cbf94be2b87 SHA-256: 4311a81a36a437ae27c517cffb8c74f3dc3e7523b16212247cd9bb1ed277406f |
| IA-32: | |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 953186702ec2878814057318462b8070 SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 04988633e0a4ca383c75c33d7bd8235c SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b |
| x86_64: | |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 953186702ec2878814057318462b8070 SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: 189659d7cb30d0154b9dd78a35b0caec SHA-256: 3091e9d5c67dce00208c129eb8b2c69e28ff45476b717a24611e606a69a5f0e3 |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 04988633e0a4ca383c75c33d7bd8235c SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: f41ce351d8f5f8074145e97cb33fa440 SHA-256: bf475f69b4fa56a1b6828cd9941930a6737d22e4d07b653298963a7a7208afc1 |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| ImageMagick-6.2.8.0-4.el5_5.2.src.rpm File outdated by: RHBA-2010:0784 |
MD5: 73d51b6ef34929e485635cbf94be2b87 SHA-256: 4311a81a36a437ae27c517cffb8c74f3dc3e7523b16212247cd9bb1ed277406f |
| IA-32: | |
| ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 00e2fae815cd49a230f64898b6ae0d96 SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609 |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 5aa5a7f21edf08f6f54502a380a49297 SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902 |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 953186702ec2878814057318462b8070 SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 04988633e0a4ca383c75c33d7bd8235c SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 5060363384f4166d485da4512ac900c0 SHA-256: b7970b2ee013250b6fc3efa0bcc4c680b9e6282e5fd56ad75fdf188cf7124930 |
| IA-64: | |
| ImageMagick-6.2.8.0-4.el5_5.2.ia64.rpm File outdated by: RHBA-2010:0784 |
MD5: 987154bd2c03683b6985d9de9e44c520 SHA-256: 662d1be91a8fa99a3d6196b63827e99e5ea44df1bdda63f52036ad5d98a02822 |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.ia64.rpm File outdated by: RHBA-2010:0784 |
MD5: 7dcaa749bb96077c78498f7562e59063 SHA-256: 29f450de3fa8c9cddd57872f18551d303f6b22ef7afcf2fb43bfbe905d3c294b |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.ia64.rpm File outdated by: RHBA-2010:0784 |
MD5: 0e2542cceefd58cdf0a76977ef7be034 SHA-256: c20ded0bc2dd4349c8a54390c7eadabbe999a6df5cc3644db6cc62de66badccf |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.ia64.rpm File outdated by: RHBA-2010:0784 |
MD5: 7c91196cd83e054fa2319c6cbeffa3d4 SHA-256: 76c20c6be07997d788178c89ae0c2a2a034ad7a3f2657fc25fbac2396e5254cc |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.ia64.rpm File outdated by: RHBA-2010:0784 |
MD5: bf6cf5e7a9144483a73e0816c9750d34 SHA-256: d2d2bb7c1f934d54f3162a74fa4d6ea0f8739e13bfbebdc9a61de9252f9d8665 |
| PPC: | |
| ImageMagick-6.2.8.0-4.el5_5.2.ppc.rpm File outdated by: RHBA-2010:0784 |
MD5: d173c164d291590bf1d60ff7ac02e05f SHA-256: d3af5f999828f5a6deef8aafdbcc5841a7b36ca620dc6054d539d3d6bbea274c |
| ImageMagick-6.2.8.0-4.el5_5.2.ppc64.rpm File outdated by: RHBA-2010:0784 |
MD5: 6648c3c5d0bc9fb5d3d07f20774b9bec SHA-256: ad985b2bda8f08f7e131a9c48c63782f12f636d4c0e595da24bd0665b6aa50ef |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.ppc.rpm File outdated by: RHBA-2010:0784 |
MD5: ed9ecc06bc97c3bcb08a9d263fbe3073 SHA-256: 2cdcf9ad7db2efaf67e468c2b4757a143ebf6d6281104fe154241dadf71db808 |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.ppc64.rpm File outdated by: RHBA-2010:0784 |
MD5: 004e0b2b0208b1ad2f55c20eaea50754 SHA-256: 454e4ae12cdf6d9628ee9efbfd0f6672e69b2444d59f1287a76ce38f48c13c25 |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.ppc.rpm File outdated by: RHBA-2010:0784 |
MD5: e3f5eeb0a68090219d1b787e09addce1 SHA-256: c3daa7218756d288940432b0df44a7d3a9c8c6b3da34a9e2a9ec902d60b85a67 |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.ppc64.rpm File outdated by: RHBA-2010:0784 |
MD5: df2be9831d9e0a325e860edad290943f SHA-256: 5240a4c7bf4ef83da7a39d9d01ac4a393549c3cc19ec8ad49a3a7834322d1792 |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.ppc.rpm File outdated by: RHBA-2010:0784 |
MD5: 3a19ed68f7e2f764b4d9da7ce1a1340a SHA-256: 650401e2dfc98ecb96955ece0edf5054d0e7e583258522871b42386e01c970f2 |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.ppc64.rpm File outdated by: RHBA-2010:0784 |
MD5: 08583227519bead9c5123696d7fe91e6 SHA-256: e27b4bf7febe696fc09a0b31b21702a05c2c3bc7624a946eb9404fae25c33402 |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.ppc.rpm File outdated by: RHBA-2010:0784 |
MD5: 57c7c4fdc5f00642aaddd532c522b6dc SHA-256: c149f202e08f444401dee5d1250919c8bbca48ec2f98c0d8a2047990a7e5a97c |
| s390x: | |
| ImageMagick-6.2.8.0-4.el5_5.2.s390.rpm File outdated by: RHBA-2010:0784 |
MD5: 76f8cd21beafabdb855ddbcf0a4aba93 SHA-256: 0aef3404c0a4d12dfb17780bbed8657a9e52391f6fa8207de7e8cc94e1427f7f |
| ImageMagick-6.2.8.0-4.el5_5.2.s390x.rpm File outdated by: RHBA-2010:0784 |
MD5: 4d1b15bff06cb347d0684bdb03caac51 SHA-256: 5e9163107f7ce62663315c071ca31e52d427f7f5e9b96694a4b4eec5808405dc |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.s390.rpm File outdated by: RHBA-2010:0784 |
MD5: f6301007be2e0c8c0ad3082780168185 SHA-256: 3876af3dc86223129e6115d5e83bb3d242e5b09dfd8b24b00fb63c906a2d0e2f |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.s390x.rpm File outdated by: RHBA-2010:0784 |
MD5: af429c76dec846dd881e473704a68406 SHA-256: a9475faf225ae7a61932e00c282f789d0f92db918a02f9ba05f7a0c58658872c |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.s390.rpm File outdated by: RHBA-2010:0784 |
MD5: 1d4133829aa0aa16f2a435a3000083d7 SHA-256: c6e64f36c9d2c97accb09fba157d95f4a4dd76839e4ae7968e641b30643cdac5 |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.s390x.rpm File outdated by: RHBA-2010:0784 |
MD5: 747963791517e9a956dfa29738ce59d8 SHA-256: a7cc4c37c21790931826b22475c7ab66d986c8549ff20eec24f4abcd6f21d8e4 |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.s390.rpm File outdated by: RHBA-2010:0784 |
MD5: 1472efbecafc7f181c95254a9a735227 SHA-256: 860b7d40c45763f90bcc83566469cfc7fbd0bf0d36a1d24d56bf689342dc369c |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.s390x.rpm File outdated by: RHBA-2010:0784 |
MD5: bd142089eca3ad53a15f7003b16225bf SHA-256: 8ff4a2232f1be07b7029807655a364f9496f8520f794ddbd79f503ae293ff476 |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.s390x.rpm File outdated by: RHBA-2010:0784 |
MD5: db3d618ac72529c8325b8d9ad3c3e483 SHA-256: 05edbd838b9cacf33ec88d276f817d782ba5c287c89dd73136cbcbf0a47d7ab6 |
| x86_64: | |
| ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 00e2fae815cd49a230f64898b6ae0d96 SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609 |
| ImageMagick-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: 4ce5d5eea31ba9810299c5edcf113abb SHA-256: 9a93672628bbfa016ca8acba6fe2a3410d4dbb027443c88e7a48aeef080addac |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 5aa5a7f21edf08f6f54502a380a49297 SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902 |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: abf44062eaa3c6ce0c72e7e1eb66c1f2 SHA-256: 736d17e1cd63f925999b7727ab682e311d78a056cce88b5088c11d610e5a109a |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 953186702ec2878814057318462b8070 SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c |
| ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: 189659d7cb30d0154b9dd78a35b0caec SHA-256: 3091e9d5c67dce00208c129eb8b2c69e28ff45476b717a24611e606a69a5f0e3 |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 04988633e0a4ca383c75c33d7bd8235c SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b |
| ImageMagick-devel-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: f41ce351d8f5f8074145e97cb33fa440 SHA-256: bf475f69b4fa56a1b6828cd9941930a6737d22e4d07b653298963a7a7208afc1 |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: 0d776f49e26b00cb83d49ae89c7ef4dc SHA-256: 0eb3dddc98c9ca1dd0c052a5dce7b81c12438149dc2438587f2e591e17b19a69 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| ImageMagick-6.2.8.0-4.el5_5.2.src.rpm File outdated by: RHBA-2010:0784 |
MD5: 73d51b6ef34929e485635cbf94be2b87 SHA-256: 4311a81a36a437ae27c517cffb8c74f3dc3e7523b16212247cd9bb1ed277406f |
| IA-32: | |
| ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 00e2fae815cd49a230f64898b6ae0d96 SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609 |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 5aa5a7f21edf08f6f54502a380a49297 SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902 |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 5060363384f4166d485da4512ac900c0 SHA-256: b7970b2ee013250b6fc3efa0bcc4c680b9e6282e5fd56ad75fdf188cf7124930 |
| x86_64: | |
| ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 00e2fae815cd49a230f64898b6ae0d96 SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609 |
| ImageMagick-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: 4ce5d5eea31ba9810299c5edcf113abb SHA-256: 9a93672628bbfa016ca8acba6fe2a3410d4dbb027443c88e7a48aeef080addac |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm File outdated by: RHBA-2010:0784 |
MD5: 5aa5a7f21edf08f6f54502a380a49297 SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902 |
| ImageMagick-c++-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: abf44062eaa3c6ce0c72e7e1eb66c1f2 SHA-256: 736d17e1cd63f925999b7727ab682e311d78a056cce88b5088c11d610e5a109a |
| ImageMagick-perl-6.2.8.0-4.el5_5.2.x86_64.rpm File outdated by: RHBA-2010:0784 |
MD5: 0d776f49e26b00cb83d49ae89c7ef4dc SHA-256: 0eb3dddc98c9ca1dd0c052a5dce7b81c12438149dc2438587f2e591e17b19a69 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
503017 - CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images
625058 - CRM.1902920 - Issue displaying SGI image with ImageMagick
References
https://www.redhat.com/security/data/cve/CVE-2009-1882.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
