
Security Advisory: ImageMagick security update

Advisory: RHSA-2005:320-10
Type: Security Advisory
Severity: Moderate
Issued on: 2005-03-23
Last updated on: 2005-03-23
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0397

Details

Updated ImageMagick packages that fix a format string bug are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System which can read and write multiple image formats.

A format string bug was found in the way ImageMagick handles filenames. An
attacker could execute arbitrary code on a victim's machine if they were
able to trick the victim into opening a file with a specially crafted name.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.
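
The class of bug described above, as an added illustration (this is not ImageMagick's code and not part of the advisory): a file name used as a printf-style format string next to the corrected form that passes it as data. All function names and the sample file name are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE pattern (illustrative, never called here): the file name is
 * used as the format string, so any '%' directive in it makes the
 * formatter fetch arguments that were never passed. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int set_title_vulnerable(char *out, size_t n, const char *filename)
{
    return snprintf(out, n, filename);
}
#pragma GCC diagnostic pop

/* FIXED pattern: constant format string, file name passed as data. */
int set_title_fixed(char *out, size_t n, const char *filename)
{
    return snprintf(out, n, "%s", filename);
}

/* Count the conversions a printf-style formatter would act on if `s`
 * were misused as a format string; "%%" is a literal percent sign. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        count++;                /* start of a conversion specification */
    }
    return count;
}

int main(void)
{
    const char *name = "scan_%x_%x.tif";    /* constructed sample name */
    char title[64];

    set_title_fixed(title, sizeof title, name);
    printf("conversions if misused as format: %d\n", count_conversions(name));
    printf("title via fixed path: %s\n", title);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the vulnerable call when the pragmas are removed.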

Additionally, a bug was fixed which caused ImageMagick(TM) to occasionally
segfault when writing TIFF images to standard output.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
ImageMagick-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
 
x86_64:
ImageMagick-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
ImageMagick-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
 
IA-64:
ImageMagick-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
 
PPC:
ImageMagick-6.0.7.1-10.ppc.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.ppc.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.ppc.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.ppc.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.ppc.rpm
File outdated by:  RHSA-2010:0653
 
s390:
ImageMagick-6.0.7.1-10.s390.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.s390.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.s390.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.s390.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.s390.rpm
File outdated by:  RHSA-2010:0653
 
s390x:
ImageMagick-6.0.7.1-10.s390x.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.s390x.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.s390x.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.s390x.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.s390x.rpm
File outdated by:  RHSA-2010:0653
 
x86_64:
ImageMagick-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
ImageMagick-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
 
IA-64:
ImageMagick-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
 
x86_64:
ImageMagick-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
ImageMagick-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.i386.rpm
File outdated by:  RHSA-2010:0653
 
IA-64:
ImageMagick-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.ia64.rpm
File outdated by:  RHSA-2010:0653
 
x86_64:
ImageMagick-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-devel-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
ImageMagick-perl-6.0.7.1-10.x86_64.rpm
File outdated by:  RHSA-2010:0653
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

142045 - Segmentation fault on conversion to TIFF (possible libtiff bug)
150185 - CAN-2005-0397 ImageMagick format string flaw


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/