Security Advisory Low: ImageMagick security and bug fix update

Advisory: RHSA-2012:0301-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-4167

Details

Updated ImageMagick packages that fix one security issue and multiple bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

It was found that ImageMagick utilities tried to load ImageMagick
configuration files from the current working directory. If a user ran an
ImageMagick utility in an attacker-controlled directory containing a
specially-crafted ImageMagick configuration file, it could cause the
utility to execute arbitrary code. (CVE-2010-4167)
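
As an added example (not part of this advisory and not Red Hat or ImageMagick code), the shell functions below vet a directory before an ImageMagick utility is run from it, which is useful on hosts where the update has not yet been applied. The function names and the file names in IM_CONFIG_NAMES are assumptions; the advisory does not list them.

```shell
#!/bin/sh
# Added example: vet a directory before using it as the working directory
# for an ImageMagick utility (identify, convert, display, ...).

# Assumption: file names ImageMagick 6.x uses for its XML configuration.
IM_CONFIG_NAMES="coder.xml colors.xml configure.xml delegates.xml locale.xml
log.xml magic.xml mime.xml policy.xml thresholds.xml type.xml type-ghostscript.xml"

# Print every configuration-named entry found directly in DIR.
# Returns 0 if at least one was found, 1 otherwise.
find_im_config() {
    dir=$1
    rc=1
    for name in $IM_CONFIG_NAMES; do
        # -L also catches dangling symlinks, which -e reports as absent.
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            rc=0
        fi
    done
    return "$rc"
}

# True when other accounts can plant files in DIR: it is group- or
# world-writable, or it is not owned by the invoking user.
dir_is_untrusted() {
    [ -n "$(find "$1" -maxdepth 0 \
        \( -perm -002 -o -perm -020 -o ! -user "$(id -u)" \) -print 2>/dev/null)" ]
}

# Returns 0 only when DIR passes both checks; reasons go to stderr.
check_workdir() {
    dir=${1:-.}
    result=0
    [ -d "$dir" ] || { printf '%s is not a directory\n' "$dir" >&2; return 2; }
    if hits=$(find_im_config "$dir"); then
        printf 'ImageMagick configuration file in working directory:\n%s\n' "$hits" >&2
        result=1
    fi
    if dir_is_untrusted "$dir"; then
        printf '%s is writable by, or owned by, another user\n' "$dir" >&2
        result=1
    fi
    return "$result"
}

# Usage: check_workdir "$PWD" && identify -verbose image.png
```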

This update also fixes the following bugs:

* Previously, the "identify -verbose" command failed with an assertion if
there was no image information available. An upstream patch has been
applied, so that GetImageOption() is now called correctly. Now, the
"identify -verbose" command works correctly even if no image information is
available. (BZ#502626)

* Previously, an incorrect use of the semaphore data type led to a
deadlock. As a consequence, the ImageMagick utility could become
unresponsive when converting JPEG files to PDF (Portable Document Format)
files. A patch has been applied to address the deadlock issue, and JPEG
files can now be properly converted to PDF files. (BZ#530592)

* Previously, running the "convert" command with the "-color" option failed
with a memory allocation error. The source code has been modified to fix
problems with memory allocation. Now, using the "convert" command with the
"-color" option works correctly. (BZ#616538)

* Previously, ImageMagick could become unresponsive when using the
"display" command on damaged GIF files. The source code has been revised to
prevent the issue. ImageMagick now produces an error message in the
described scenario. A file selector is now opened so the user can choose
another image to display. (BZ#693989)

* Prior to this update, the "convert" command did not handle rotated PDF
files correctly. As a consequence, the output was rendered as a portrait
with the content being cropped. With this update, the PDF render geometry
is modified, and the output produced by the "convert" command is properly
rendered as a landscape. (BZ#694922)

All users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
ImageMagick-6.2.8.0-12.el5.src.rpm
File outdated by: RHSA-2012:0545

IA-32:
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545

x86_64:
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-devel-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ImageMagick-6.2.8.0-12.el5.src.rpm
File outdated by: RHSA-2012:0545

IA-32:
ImageMagick-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-perl-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545

IA-64:
ImageMagick-6.2.8.0-12.el5.ia64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.ia64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.ia64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.ia64.rpm
ImageMagick-devel-6.2.8.0-12.el5.ia64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-perl-6.2.8.0-12.el5.ia64.rpm
File outdated by: RHSA-2012:0545

PPC:
ImageMagick-6.2.8.0-12.el5.ppc.rpm
File outdated by: RHSA-2012:0545
ImageMagick-6.2.8.0-12.el5.ppc64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.ppc.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.ppc64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.ppc.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.ppc64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.ppc.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.ppc64.rpm
ImageMagick-devel-6.2.8.0-12.el5.ppc.rpm
File outdated by: RHSA-2012:0545
ImageMagick-devel-6.2.8.0-12.el5.ppc64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-perl-6.2.8.0-12.el5.ppc.rpm
File outdated by: RHSA-2012:0545

s390x:
ImageMagick-6.2.8.0-12.el5.s390.rpm
File outdated by: RHSA-2012:0545
ImageMagick-6.2.8.0-12.el5.s390x.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.s390.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.s390x.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.s390.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.s390x.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.s390.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.s390x.rpm
ImageMagick-devel-6.2.8.0-12.el5.s390.rpm
File outdated by: RHSA-2012:0545
ImageMagick-devel-6.2.8.0-12.el5.s390x.rpm
File outdated by: RHSA-2012:0545
ImageMagick-perl-6.2.8.0-12.el5.s390x.rpm
File outdated by: RHSA-2012:0545

x86_64:
ImageMagick-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-devel-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-devel-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-devel-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-perl-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
ImageMagick-6.2.8.0-12.el5.src.rpm
File outdated by: RHSA-2012:0545

IA-32:
ImageMagick-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-perl-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545

x86_64:
ImageMagick-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.i386.rpm
File outdated by: RHSA-2012:0545
ImageMagick-c++-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
ImageMagick-debuginfo-6.2.8.0-12.el5.i386.rpm
ImageMagick-debuginfo-6.2.8.0-12.el5.x86_64.rpm
ImageMagick-perl-6.2.8.0-12.el5.x86_64.rpm
File outdated by: RHSA-2012:0545
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

580535 - Using "-page" option in ImageMagick's "convert" set bogus page size in PostScript
652860 - CVE-2010-4167 ImageMagick: configuration files read from $CWD may allow arbitrary code execution


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/