
Security Advisory ImageMagick security update

Advisory: RHSA-2004:636-03
Type: Security Advisory
Severity: Important
Issued on: 2004-12-08
Last updated on: 2004-12-08
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0827
CVE-2004-0981

Details

Updated ImageMagick packages that fix a buffer overflow are now available.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.

David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
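
A check an administrator might run after updating, added here as an example and not part of the Red Hat advisory: it compares installed ImageMagick builds with the fixed builds listed under "Updated packages" (5.5.6-7 and 5.3.8-6). The function names and sample package lines are constructed, and sort -V is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed release for each upstream version line named in this advisory:
#   5.5.6-7 (Desktop 3, Enterprise Linux 3) and 5.3.8-6 (2.1 products).
fixed_release_for() {
    case "$1" in
        5.5.6) echo 7 ;;
        5.3.8) echo 6 ;;
        *)     return 1 ;;   # version line not covered by this advisory
    esac
}

# check_pkg VERSION-RELEASE -> prints PATCHED, VULNERABLE or UNKNOWN.
check_pkg() {
    ver=${1%-*}              # text before the last '-'
    rel=${1##*-}             # text after the last '-'
    fixed=$(fixed_release_for "$ver") || { echo UNKNOWN; return 0; }
    # Assumption: sort -V approximates RPM's release ordering, which holds
    # for plain numeric releases such as 6, 7 or 7.1.
    lowest=$(printf '%s\n%s\n' "$rel" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# audit: reads "NAME VERSION-RELEASE" lines on stdin, one package per line.
audit() {
    while read -r name vr; do
        printf '%-22s %-10s %s\n' "$name" "$vr" "$(check_pkg "$vr")"
    done
}

# Constructed sample input. On a live system, feed audit from:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' ImageMagick ImageMagick-perl
audit <<'EOF'
ImageMagick 5.5.6-5
ImageMagick-perl 5.5.6-7
ImageMagick-c++ 5.3.8-6
ImageMagick-devel 6.0.7-1
EOF
```

UNKNOWN means the installed version line is not one this advisory covers, so the result says nothing about that build either way.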

Updated packages

Red Hat Desktop (v. 3)

IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1b048cef4ad7d7f80fe6b174304efd2f
 
x86_64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 66699a74e16e141df285f25146da7a43
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
ImageMagick-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 49dfa73a8b65db1b71604ff7dbed85b8
ImageMagick-c++-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: e1e68b14d6c637bfa9525accb884b4cb
ImageMagick-c++-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 4fda06f1279142275c0e3f1365888590
ImageMagick-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 852ce90eaa8d702e4e3c0a74b4b8ae7a
ImageMagick-perl-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 5e35ecce0aeb39bcdcab5d307e6a289d
 
IA-64:
ImageMagick-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 9eebb430cc2782bf8779c2b6c1ac9330
ImageMagick-c++-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 03597330fda5d808c67f7e9217e6cd99
ImageMagick-c++-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 9a2b3cde42826d541dc25cc18b6fef82
ImageMagick-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 3ef246ab1ead8e4ac34d5fb600ba6e11
ImageMagick-perl-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 0f8b492a2e35876487a18cb34717530f
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1b048cef4ad7d7f80fe6b174304efd2f
 
IA-64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: e9d6b12d49f82587079d8630288d5c21
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 76c2730209f2a419d77dcc6228bce775
ImageMagick-c++-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ad56120694232886525cf73e78059d70
ImageMagick-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5540e68ca6ad478f0c06747e0b0af6a9
ImageMagick-perl-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f5d26f006e80d29379611fe429a057a5
 
PPC:
ImageMagick-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 90facda803fb447e862d754a0f773a24
ImageMagick-c++-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1f7dd0b886fc4dd81f83d203cf125e1c
ImageMagick-c++-devel-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1b005351b9db9d7882bfb636d4c31d18
ImageMagick-devel-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: a30586353d6bb70020ed3df263f1a497
ImageMagick-perl-5.5.6-7.ppc.rpm
File outdated by:  RHSA-2008:0145
    MD5: 4f2d299fb4fb9831513136d8e56ec8f9
 
s390:
ImageMagick-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7acdb99fdb3735bec4b5deaffe48638f
ImageMagick-c++-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 744ad5fe4fcdd1931e6a29acf52c126b
ImageMagick-c++-devel-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: cfb51a057018d71a439067395835434d
ImageMagick-devel-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 49aa63d472ea09bb054cd05907941f40
ImageMagick-perl-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: fb355cd7d24232761a23231c00f9ceef
 
s390x:
ImageMagick-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7acdb99fdb3735bec4b5deaffe48638f
ImageMagick-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 2c986024e9a51e4cef1157260efebc28
ImageMagick-c++-5.5.6-7.s390.rpm
File outdated by:  RHSA-2008:0145
    MD5: 744ad5fe4fcdd1931e6a29acf52c126b
ImageMagick-c++-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1be22c2e7138567cd9b37f727e1eb2ad
ImageMagick-c++-devel-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 557aa610b7be1d2ef6670cada21631de
ImageMagick-devel-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 74535eac90406854a4d16432b33d9ef2
ImageMagick-perl-5.5.6-7.s390x.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1120d649cfe4b12886a402280fd50b20
 
x86_64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 66699a74e16e141df285f25146da7a43
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
ImageMagick-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 49dfa73a8b65db1b71604ff7dbed85b8
ImageMagick-c++-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: e1e68b14d6c637bfa9525accb884b4cb
ImageMagick-c++-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 4fda06f1279142275c0e3f1365888590
ImageMagick-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 852ce90eaa8d702e4e3c0a74b4b8ae7a
ImageMagick-perl-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 5e35ecce0aeb39bcdcab5d307e6a289d
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1b048cef4ad7d7f80fe6b174304efd2f
 
IA-64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: e9d6b12d49f82587079d8630288d5c21
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 76c2730209f2a419d77dcc6228bce775
ImageMagick-c++-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ad56120694232886525cf73e78059d70
ImageMagick-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5540e68ca6ad478f0c06747e0b0af6a9
ImageMagick-perl-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f5d26f006e80d29379611fe429a057a5
 
x86_64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 66699a74e16e141df285f25146da7a43
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
ImageMagick-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 49dfa73a8b65db1b71604ff7dbed85b8
ImageMagick-c++-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: e1e68b14d6c637bfa9525accb884b4cb
ImageMagick-c++-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 4fda06f1279142275c0e3f1365888590
ImageMagick-devel-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 852ce90eaa8d702e4e3c0a74b4b8ae7a
ImageMagick-perl-5.3.8-6.i386.rpm
File outdated by:  RHSA-2008:0165
    MD5: 5e35ecce0aeb39bcdcab5d307e6a289d
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 15459e343c4a2bb2e651a16ae52a215c
ImageMagick-devel-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: e8ba073973164c5cb145ea3bbdca6f21
ImageMagick-perl-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 1b048cef4ad7d7f80fe6b174304efd2f
 
IA-64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: e9d6b12d49f82587079d8630288d5c21
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 76c2730209f2a419d77dcc6228bce775
ImageMagick-c++-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: ad56120694232886525cf73e78059d70
ImageMagick-devel-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5540e68ca6ad478f0c06747e0b0af6a9
ImageMagick-perl-5.5.6-7.ia64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f5d26f006e80d29379611fe429a057a5
 
x86_64:
ImageMagick-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9647bd23372123be8453f3ea2411b9d9
ImageMagick-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 5dca93db805a70a5e5c63e9ad8799924
ImageMagick-c++-5.5.6-7.i386.rpm
File outdated by:  RHSA-2008:0145
    MD5: 7b8262f374a5af5e62f0d6a0e7f4f45b
ImageMagick-c++-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: f57f942a8ed19d997f92767028a66fad
ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: c17c17e26cf6320885fb4b49a48d8d00
ImageMagick-devel-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 9c7bc81a718108e2e848f0cb04223492
ImageMagick-perl-5.5.6-7.x86_64.rpm
File outdated by:  RHSA-2008:0145
    MD5: 66699a74e16e141df285f25146da7a43
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
ImageMagick-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 9eebb430cc2782bf8779c2b6c1ac9330
ImageMagick-c++-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 03597330fda5d808c67f7e9217e6cd99
ImageMagick-c++-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 9a2b3cde42826d541dc25cc18b6fef82
ImageMagick-devel-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 3ef246ab1ead8e4ac34d5fb600ba6e11
ImageMagick-perl-5.3.8-6.ia64.rpm
File outdated by:  RHSA-2008:0165
    MD5: 0f8b492a2e35876487a18cb34717530f
 

Bugs fixed (see bugzilla for more information)

130807 - CAN-2004-0827 heap overflow in BMP decoder
138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/