Skip to navigation

Security Advisory ImageMagick security update

Advisory: RHSA-2005:071-07
Type: Security Advisory
Severity: Moderate
Issued on: 2005-02-15
Last updated on: 2005-02-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0005

Details

Updated ImageMagick packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ImageMagick is an image display and manipulation tool for the X Window
System.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0005 to this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
ImageMagick-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 1145a7d29a8b8f444d94834b5e6c32af
ImageMagick-c++-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7f77e9423e940706e843737c6caaf53f
ImageMagick-c++-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e1b8cf2f535ba390f07619327540cb84
ImageMagick-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7748f74dadba601fb43eb04b6bd5787a
ImageMagick-perl-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e907c9aaab08c87c815d289ae3e34d24
 
x86_64:
ImageMagick-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 2f0ee7ea6c2facad27ef786ded68e8c1
ImageMagick-c++-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: f0950411b38e248645c771ea85b9125d
ImageMagick-c++-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 4fdf0a7ccc22f73ddb510ac627bc63d5
ImageMagick-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0f8e9d58c905273acc2a5a0410bbd801
ImageMagick-perl-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 616716d249de35ad9e3888a251757675
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
ImageMagick-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 1145a7d29a8b8f444d94834b5e6c32af
ImageMagick-c++-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7f77e9423e940706e843737c6caaf53f
ImageMagick-c++-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e1b8cf2f535ba390f07619327540cb84
ImageMagick-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7748f74dadba601fb43eb04b6bd5787a
ImageMagick-perl-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e907c9aaab08c87c815d289ae3e34d24
 
IA-64:
ImageMagick-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 6389e67ad2ec903f8744355a026671c0
ImageMagick-c++-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0a5415a7dd437424be36edda7e59404f
ImageMagick-c++-devel-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7ccc183bce8e328c017a6acd15f85746
ImageMagick-devel-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0fbfca7d0531822f1b64fe28410b089a
ImageMagick-perl-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 975b389ef4c61819221a33b46d5798c5
 
PPC:
ImageMagick-6.0.7.1-6.ppc.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0005695a74c40faa555381d9294bbce8
ImageMagick-c++-6.0.7.1-6.ppc.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7e07a4f6de79a6185867b12b13263200
ImageMagick-c++-devel-6.0.7.1-6.ppc.rpm
File outdated by:  RHSA-2010:0653
    MD5: ab2dac355d35242988da6873de6422e2
ImageMagick-devel-6.0.7.1-6.ppc.rpm
File outdated by:  RHSA-2010:0653
    MD5: 62a235627ca1eee014b69ee68ee6b93f
ImageMagick-perl-6.0.7.1-6.ppc.rpm
File outdated by:  RHSA-2010:0653
    MD5: 76d2a6e6ab17003535fa8019d3fbeab9
 
s390:
ImageMagick-6.0.7.1-6.s390.rpm
File outdated by:  RHSA-2010:0653
    MD5: 6d43807788a76a876b4abef3ff0ff1b0
ImageMagick-c++-6.0.7.1-6.s390.rpm
File outdated by:  RHSA-2010:0653
    MD5: 321e1f007114e0bd581bd83b0eda7fe6
ImageMagick-c++-devel-6.0.7.1-6.s390.rpm
File outdated by:  RHSA-2010:0653
    MD5: 3b0d090b96e796c6aff5507d13ed35ae
ImageMagick-devel-6.0.7.1-6.s390.rpm
File outdated by:  RHSA-2010:0653
    MD5: 764d139053a2964c1ecee0407ea60c41
ImageMagick-perl-6.0.7.1-6.s390.rpm
File outdated by:  RHSA-2010:0653
    MD5: c239527e5377076c6d57afea04fa18c3
 
s390x:
ImageMagick-6.0.7.1-6.s390x.rpm
File outdated by:  RHSA-2010:0653
    MD5: 83717e077a6401a30f9d52b858d62809
ImageMagick-c++-6.0.7.1-6.s390x.rpm
File outdated by:  RHSA-2010:0653
    MD5: c4898fe5d9b06b537f7871c812846d22
ImageMagick-c++-devel-6.0.7.1-6.s390x.rpm
File outdated by:  RHSA-2010:0653
    MD5: 5aaf3be1910b8ce7b4e7ed01fb35e049
ImageMagick-devel-6.0.7.1-6.s390x.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7672587e292ef5e94490749e367508a8
ImageMagick-perl-6.0.7.1-6.s390x.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7bc82308c1b8b405ba45ced6553a1fe0
 
x86_64:
ImageMagick-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 2f0ee7ea6c2facad27ef786ded68e8c1
ImageMagick-c++-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: f0950411b38e248645c771ea85b9125d
ImageMagick-c++-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 4fdf0a7ccc22f73ddb510ac627bc63d5
ImageMagick-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0f8e9d58c905273acc2a5a0410bbd801
ImageMagick-perl-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 616716d249de35ad9e3888a251757675
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
ImageMagick-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 1145a7d29a8b8f444d94834b5e6c32af
ImageMagick-c++-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7f77e9423e940706e843737c6caaf53f
ImageMagick-c++-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e1b8cf2f535ba390f07619327540cb84
ImageMagick-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7748f74dadba601fb43eb04b6bd5787a
ImageMagick-perl-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e907c9aaab08c87c815d289ae3e34d24
 
IA-64:
ImageMagick-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 6389e67ad2ec903f8744355a026671c0
ImageMagick-c++-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0a5415a7dd437424be36edda7e59404f
ImageMagick-c++-devel-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7ccc183bce8e328c017a6acd15f85746
ImageMagick-devel-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0fbfca7d0531822f1b64fe28410b089a
ImageMagick-perl-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 975b389ef4c61819221a33b46d5798c5
 
x86_64:
ImageMagick-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 2f0ee7ea6c2facad27ef786ded68e8c1
ImageMagick-c++-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: f0950411b38e248645c771ea85b9125d
ImageMagick-c++-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 4fdf0a7ccc22f73ddb510ac627bc63d5
ImageMagick-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0f8e9d58c905273acc2a5a0410bbd801
ImageMagick-perl-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 616716d249de35ad9e3888a251757675
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
ImageMagick-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 1145a7d29a8b8f444d94834b5e6c32af
ImageMagick-c++-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7f77e9423e940706e843737c6caaf53f
ImageMagick-c++-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e1b8cf2f535ba390f07619327540cb84
ImageMagick-devel-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7748f74dadba601fb43eb04b6bd5787a
ImageMagick-perl-6.0.7.1-6.i386.rpm
File outdated by:  RHSA-2010:0653
    MD5: e907c9aaab08c87c815d289ae3e34d24
 
IA-64:
ImageMagick-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 6389e67ad2ec903f8744355a026671c0
ImageMagick-c++-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0a5415a7dd437424be36edda7e59404f
ImageMagick-c++-devel-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 7ccc183bce8e328c017a6acd15f85746
ImageMagick-devel-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0fbfca7d0531822f1b64fe28410b089a
ImageMagick-perl-6.0.7.1-6.ia64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 975b389ef4c61819221a33b46d5798c5
 
x86_64:
ImageMagick-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 2f0ee7ea6c2facad27ef786ded68e8c1
ImageMagick-c++-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: f0950411b38e248645c771ea85b9125d
ImageMagick-c++-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 4fdf0a7ccc22f73ddb510ac627bc63d5
ImageMagick-devel-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 0f8e9d58c905273acc2a5a0410bbd801
ImageMagick-perl-6.0.7.1-6.x86_64.rpm
File outdated by:  RHSA-2010:0653
    MD5: 616716d249de35ad9e3888a251757675
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

145123 - CAN-2005-0005 buffer overflow in ImageMagick


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/