Recent Features
| |||||||||||||
Red Hat alert RHSA-2004:636-01 (ImageMagick)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated ImageMagick packages fix security vulnerability Advisory ID: RHSA-2004:636-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-636.html Issue date: 2004-12-08 Updated on: 2004-12-08 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0981 CAN-2004-0827 - --------------------------------------------------------------------- 1. Summary: Updated ImageMagick packages that fixes a buffer overflow are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: ImageMagick(TM) is an image display and manipulation tool for the X Window System. A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to this issue. David Eisenstein has reported that our previous fix for CAN-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser 130807 - CAN-2004-0827 heap overflow in BMP decoder 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/Ima... 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm i386: 49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm 4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm 852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm 5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm ia64: 9eebb430cc2782bf8779c2b6c1ac9330 ImageMagick-5.3.8-6.ia64.rpm 03597330fda5d808c67f7e9217e6cd99 ImageMagick-c++-5.3.8-6.ia64.rpm 9a2b3cde42826d541dc25cc18b6fef82 ImageMagick-c++-devel-5.3.8-6.ia64.rpm 3ef246ab1ead8e4ac34d5fb600ba6e11 ImageMagick-devel-5.3.8-6.ia64.rpm 0f8b492a2e35876487a18cb34717530f ImageMagick-perl-5.3.8-6.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/Ima... 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm ia64: 9eebb430cc2782bf8779c2b6c1ac9330 ImageMagick-5.3.8-6.ia64.rpm 03597330fda5d808c67f7e9217e6cd99 ImageMagick-c++-5.3.8-6.ia64.rpm 9a2b3cde42826d541dc25cc18b6fef82 ImageMagick-c++-devel-5.3.8-6.ia64.rpm 3ef246ab1ead8e4ac34d5fb600ba6e11 ImageMagick-devel-5.3.8-6.ia64.rpm 0f8b492a2e35876487a18cb34717530f ImageMagick-perl-5.3.8-6.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/Ima... 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm i386: 49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm 4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm 852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm 5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/Ima... 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm i386: 49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm 4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm 852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm 5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/Image... 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm ia64: e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm 76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm 5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm ppc: 90facda803fb447e862d754a0f773a24 ImageMagick-5.5.6-7.ppc.rpm 1f7dd0b886fc4dd81f83d203cf125e1c ImageMagick-c++-5.5.6-7.ppc.rpm 1b005351b9db9d7882bfb636d4c31d18 ImageMagick-c++-devel-5.5.6-7.ppc.rpm a30586353d6bb70020ed3df263f1a497 ImageMagick-devel-5.5.6-7.ppc.rpm 4f2d299fb4fb9831513136d8e56ec8f9 ImageMagick-perl-5.5.6-7.ppc.rpm s390: 7acdb99fdb3735bec4b5deaffe48638f ImageMagick-5.5.6-7.s390.rpm 744ad5fe4fcdd1931e6a29acf52c126b ImageMagick-c++-5.5.6-7.s390.rpm cfb51a057018d71a439067395835434d ImageMagick-c++-devel-5.5.6-7.s390.rpm 49aa63d472ea09bb054cd05907941f40 ImageMagick-devel-5.5.6-7.s390.rpm fb355cd7d24232761a23231c00f9ceef ImageMagick-perl-5.5.6-7.s390.rpm s390x: 2c986024e9a51e4cef1157260efebc28 ImageMagick-5.5.6-7.s390x.rpm 1be22c2e7138567cd9b37f727e1eb2ad ImageMagick-c++-5.5.6-7.s390x.rpm 557aa610b7be1d2ef6670cada21631de ImageMagick-c++-devel-5.5.6-7.s390x.rpm 74535eac90406854a4d16432b33d9ef2 ImageMagick-devel-5.5.6-7.s390x.rpm 1120d649cfe4b12886a402280fd50b20 ImageMagick-perl-5.5.6-7.s390x.rpm x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/... 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/Image... 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm ia64: e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm 76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm 5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/Image... 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm ia64: e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm 76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm 5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBt2QLXlSAg2UNWIIRApVrAJ0dQRiLpspwzrOdBQFIRjmeJopV2wCeNMyc inITvexd2UtjjdCaN0YJfTg= =pzpb -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-... (Log in to post comments)
|
|||||||||||||