Skip to navigation

Security Advisory Moderate: ImageMagick security and bug fix update

Advisory: RHSA-2010:0652-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-08-25
Last updated on: 2010-08-25
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2009-1882

Details

Updated ImageMagick packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)

This update also fixes the following bug:

* previously, portions of certain RGB images on the right side were not
rendered and left black when converting or displaying them. With this
update, RGB images display correctly. (BZ#625058)

Users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
ImageMagick-6.2.8.0-4.el5_5.2.src.rpm
File outdated by:  RHSA-2012:0545
    MD5: 73d51b6ef34929e485635cbf94be2b87
SHA-256: 4311a81a36a437ae27c517cffb8c74f3dc3e7523b16212247cd9bb1ed277406f
 
IA-32:
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 953186702ec2878814057318462b8070
SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c
ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 04988633e0a4ca383c75c33d7bd8235c
SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b
 
x86_64:
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 953186702ec2878814057318462b8070
SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 189659d7cb30d0154b9dd78a35b0caec
SHA-256: 3091e9d5c67dce00208c129eb8b2c69e28ff45476b717a24611e606a69a5f0e3
ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 04988633e0a4ca383c75c33d7bd8235c
SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b
ImageMagick-devel-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: f41ce351d8f5f8074145e97cb33fa440
SHA-256: bf475f69b4fa56a1b6828cd9941930a6737d22e4d07b653298963a7a7208afc1
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ImageMagick-6.2.8.0-4.el5_5.2.src.rpm
File outdated by:  RHSA-2012:0545
    MD5: 73d51b6ef34929e485635cbf94be2b87
SHA-256: 4311a81a36a437ae27c517cffb8c74f3dc3e7523b16212247cd9bb1ed277406f
 
IA-32:
ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 00e2fae815cd49a230f64898b6ae0d96
SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609
ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 5aa5a7f21edf08f6f54502a380a49297
SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 953186702ec2878814057318462b8070
SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c
ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 04988633e0a4ca383c75c33d7bd8235c
SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b
ImageMagick-perl-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 5060363384f4166d485da4512ac900c0
SHA-256: b7970b2ee013250b6fc3efa0bcc4c680b9e6282e5fd56ad75fdf188cf7124930
 
IA-64:
ImageMagick-6.2.8.0-4.el5_5.2.ia64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 987154bd2c03683b6985d9de9e44c520
SHA-256: 662d1be91a8fa99a3d6196b63827e99e5ea44df1bdda63f52036ad5d98a02822
ImageMagick-c++-6.2.8.0-4.el5_5.2.ia64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 7dcaa749bb96077c78498f7562e59063
SHA-256: 29f450de3fa8c9cddd57872f18551d303f6b22ef7afcf2fb43bfbe905d3c294b
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.ia64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 0e2542cceefd58cdf0a76977ef7be034
SHA-256: c20ded0bc2dd4349c8a54390c7eadabbe999a6df5cc3644db6cc62de66badccf
ImageMagick-devel-6.2.8.0-4.el5_5.2.ia64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 7c91196cd83e054fa2319c6cbeffa3d4
SHA-256: 76c20c6be07997d788178c89ae0c2a2a034ad7a3f2657fc25fbac2396e5254cc
ImageMagick-perl-6.2.8.0-4.el5_5.2.ia64.rpm
File outdated by:  RHSA-2012:0545
    MD5: bf6cf5e7a9144483a73e0816c9750d34
SHA-256: d2d2bb7c1f934d54f3162a74fa4d6ea0f8739e13bfbebdc9a61de9252f9d8665
 
PPC:
ImageMagick-6.2.8.0-4.el5_5.2.ppc.rpm
File outdated by:  RHSA-2012:0545
    MD5: d173c164d291590bf1d60ff7ac02e05f
SHA-256: d3af5f999828f5a6deef8aafdbcc5841a7b36ca620dc6054d539d3d6bbea274c
ImageMagick-6.2.8.0-4.el5_5.2.ppc64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 6648c3c5d0bc9fb5d3d07f20774b9bec
SHA-256: ad985b2bda8f08f7e131a9c48c63782f12f636d4c0e595da24bd0665b6aa50ef
ImageMagick-c++-6.2.8.0-4.el5_5.2.ppc.rpm
File outdated by:  RHSA-2012:0545
    MD5: ed9ecc06bc97c3bcb08a9d263fbe3073
SHA-256: 2cdcf9ad7db2efaf67e468c2b4757a143ebf6d6281104fe154241dadf71db808
ImageMagick-c++-6.2.8.0-4.el5_5.2.ppc64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 004e0b2b0208b1ad2f55c20eaea50754
SHA-256: 454e4ae12cdf6d9628ee9efbfd0f6672e69b2444d59f1287a76ce38f48c13c25
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.ppc.rpm
File outdated by:  RHSA-2012:0545
    MD5: e3f5eeb0a68090219d1b787e09addce1
SHA-256: c3daa7218756d288940432b0df44a7d3a9c8c6b3da34a9e2a9ec902d60b85a67
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.ppc64.rpm
File outdated by:  RHSA-2012:0545
    MD5: df2be9831d9e0a325e860edad290943f
SHA-256: 5240a4c7bf4ef83da7a39d9d01ac4a393549c3cc19ec8ad49a3a7834322d1792
ImageMagick-devel-6.2.8.0-4.el5_5.2.ppc.rpm
File outdated by:  RHSA-2012:0545
    MD5: 3a19ed68f7e2f764b4d9da7ce1a1340a
SHA-256: 650401e2dfc98ecb96955ece0edf5054d0e7e583258522871b42386e01c970f2
ImageMagick-devel-6.2.8.0-4.el5_5.2.ppc64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 08583227519bead9c5123696d7fe91e6
SHA-256: e27b4bf7febe696fc09a0b31b21702a05c2c3bc7624a946eb9404fae25c33402
ImageMagick-perl-6.2.8.0-4.el5_5.2.ppc.rpm
File outdated by:  RHSA-2012:0545
    MD5: 57c7c4fdc5f00642aaddd532c522b6dc
SHA-256: c149f202e08f444401dee5d1250919c8bbca48ec2f98c0d8a2047990a7e5a97c
 
s390x:
ImageMagick-6.2.8.0-4.el5_5.2.s390.rpm
File outdated by:  RHSA-2012:0545
    MD5: 76f8cd21beafabdb855ddbcf0a4aba93
SHA-256: 0aef3404c0a4d12dfb17780bbed8657a9e52391f6fa8207de7e8cc94e1427f7f
ImageMagick-6.2.8.0-4.el5_5.2.s390x.rpm
File outdated by:  RHSA-2012:0545
    MD5: 4d1b15bff06cb347d0684bdb03caac51
SHA-256: 5e9163107f7ce62663315c071ca31e52d427f7f5e9b96694a4b4eec5808405dc
ImageMagick-c++-6.2.8.0-4.el5_5.2.s390.rpm
File outdated by:  RHSA-2012:0545
    MD5: f6301007be2e0c8c0ad3082780168185
SHA-256: 3876af3dc86223129e6115d5e83bb3d242e5b09dfd8b24b00fb63c906a2d0e2f
ImageMagick-c++-6.2.8.0-4.el5_5.2.s390x.rpm
File outdated by:  RHSA-2012:0545
    MD5: af429c76dec846dd881e473704a68406
SHA-256: a9475faf225ae7a61932e00c282f789d0f92db918a02f9ba05f7a0c58658872c
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.s390.rpm
File outdated by:  RHSA-2012:0545
    MD5: 1d4133829aa0aa16f2a435a3000083d7
SHA-256: c6e64f36c9d2c97accb09fba157d95f4a4dd76839e4ae7968e641b30643cdac5
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.s390x.rpm
File outdated by:  RHSA-2012:0545
    MD5: 747963791517e9a956dfa29738ce59d8
SHA-256: a7cc4c37c21790931826b22475c7ab66d986c8549ff20eec24f4abcd6f21d8e4
ImageMagick-devel-6.2.8.0-4.el5_5.2.s390.rpm
File outdated by:  RHSA-2012:0545
    MD5: 1472efbecafc7f181c95254a9a735227
SHA-256: 860b7d40c45763f90bcc83566469cfc7fbd0bf0d36a1d24d56bf689342dc369c
ImageMagick-devel-6.2.8.0-4.el5_5.2.s390x.rpm
File outdated by:  RHSA-2012:0545
    MD5: bd142089eca3ad53a15f7003b16225bf
SHA-256: 8ff4a2232f1be07b7029807655a364f9496f8520f794ddbd79f503ae293ff476
ImageMagick-perl-6.2.8.0-4.el5_5.2.s390x.rpm
File outdated by:  RHSA-2012:0545
    MD5: db3d618ac72529c8325b8d9ad3c3e483
SHA-256: 05edbd838b9cacf33ec88d276f817d782ba5c287c89dd73136cbcbf0a47d7ab6
 
x86_64:
ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 00e2fae815cd49a230f64898b6ae0d96
SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609
ImageMagick-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 4ce5d5eea31ba9810299c5edcf113abb
SHA-256: 9a93672628bbfa016ca8acba6fe2a3410d4dbb027443c88e7a48aeef080addac
ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 5aa5a7f21edf08f6f54502a380a49297
SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902
ImageMagick-c++-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: abf44062eaa3c6ce0c72e7e1eb66c1f2
SHA-256: 736d17e1cd63f925999b7727ab682e311d78a056cce88b5088c11d610e5a109a
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 953186702ec2878814057318462b8070
SHA-256: 7d6975e18ec51a1bbb03917cfecb93936a3859b41587dc3102203271aecf550c
ImageMagick-c++-devel-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 189659d7cb30d0154b9dd78a35b0caec
SHA-256: 3091e9d5c67dce00208c129eb8b2c69e28ff45476b717a24611e606a69a5f0e3
ImageMagick-devel-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 04988633e0a4ca383c75c33d7bd8235c
SHA-256: 5e5e72edb33e39fe0d68e32c915ee3b6ea67175cfefc73c58c533ec4e1af0d7b
ImageMagick-devel-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: f41ce351d8f5f8074145e97cb33fa440
SHA-256: bf475f69b4fa56a1b6828cd9941930a6737d22e4d07b653298963a7a7208afc1
ImageMagick-perl-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 0d776f49e26b00cb83d49ae89c7ef4dc
SHA-256: 0eb3dddc98c9ca1dd0c052a5dce7b81c12438149dc2438587f2e591e17b19a69
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
ImageMagick-6.2.8.0-4.el5_5.2.src.rpm
File outdated by:  RHSA-2012:0545
    MD5: 73d51b6ef34929e485635cbf94be2b87
SHA-256: 4311a81a36a437ae27c517cffb8c74f3dc3e7523b16212247cd9bb1ed277406f
 
IA-32:
ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 00e2fae815cd49a230f64898b6ae0d96
SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609
ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 5aa5a7f21edf08f6f54502a380a49297
SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902
ImageMagick-perl-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 5060363384f4166d485da4512ac900c0
SHA-256: b7970b2ee013250b6fc3efa0bcc4c680b9e6282e5fd56ad75fdf188cf7124930
 
x86_64:
ImageMagick-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 00e2fae815cd49a230f64898b6ae0d96
SHA-256: 215393bab3c32fa8235862b54e9e7175feba166f7b5096013aff46c11689d609
ImageMagick-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 4ce5d5eea31ba9810299c5edcf113abb
SHA-256: 9a93672628bbfa016ca8acba6fe2a3410d4dbb027443c88e7a48aeef080addac
ImageMagick-c++-6.2.8.0-4.el5_5.2.i386.rpm
File outdated by:  RHSA-2012:0545
    MD5: 5aa5a7f21edf08f6f54502a380a49297
SHA-256: 23cbf50977c62e36cfdbb8a38ecaa7a923046ffb97f9f99f666459501e77a902
ImageMagick-c++-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: abf44062eaa3c6ce0c72e7e1eb66c1f2
SHA-256: 736d17e1cd63f925999b7727ab682e311d78a056cce88b5088c11d610e5a109a
ImageMagick-perl-6.2.8.0-4.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2012:0545
    MD5: 0d776f49e26b00cb83d49ae89c7ef4dc
SHA-256: 0eb3dddc98c9ca1dd0c052a5dce7b81c12438149dc2438587f2e591e17b19a69
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

503017 - CVE-2009-1882 ImageMagick, GraphicsMagick: Integer overflow in the routine creating X11 images
625058 - CRM.1902920 - Issue displaying SGI image with ImageMagick


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/