Fedora Linux 8783 Published by

An ImageMagick security update is available for Fedora Core 2

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-234
2005-03-30
---------------------------------------------------------------------

Product : Fedora Core 2
Name : ImageMagick
Version : 6.2.0.7
Release : 2.fc2
Summary : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate and dis play images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well.



---------------------------------------------------------------------
Update Information:

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code in a victims machine if they are able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash.

A bug was found in ImageMagick's TIFF decoder. It is possible that a specially crafted TIFF image file could cause ImageMagick to crash.

A bug was found in the way ImageMagick parses PSD files. It is possilbe that a specially crafted PSD file could cause ImageMagick to crash.

A heap overflow bug was found in ImageMagick's SGI parser. It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file.

---------------------------------------------------------------------
* Wed Mar 16 2005 <mclasen@redhat.com> - 6.2.0.7-2.fc2

- Update to 6.2.0 to fix a number of security issues:
- Drop a lot of upstreamed patches

* Tue Nov 23 2004 <jrb@redhat.com> - 5.5.7.7-1.3

- Fix heap overflow, CAN-2004-0827
- buffer overflow in ImageMagick's EXIF parser, CAN-2004-0981


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

52fbf39e38a7ae5cc0914b6517fedcba
SRPMS/ImageMagick-6.2.0.7-2.fc2.src.rpm
f6a42bb0239a56780d7fac79bf4cb0cd
x86_64/ImageMagick-6.2.0.7-2.fc2.x86_64.rpm
ac4add6449a8f20658f865161656b492 x86_64/ImageMagick-
devel-6.2.0.7-2.fc2.x86_64.rpm
414e95f0ed5189e246a5f03f27a9ba8a x86_64/ImageMagick-
perl-6.2.0.7-2.fc2.x86_64.rpm
1f416050e2410950b7d31cb6a20fcf3c x86_64/ImageMagick-c+
+-6.2.0.7-2.fc2.x86_64.rpm
dca65373bdde8fc72ad43f5fbb66d082 x86_64/ImageMagick-c++-
devel-6.2.0.7-2.fc2.x86_64.rpm
39e6fd4dd15ff0830a8a4629f9544ad1 x86_64/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc2.x86_64.rpm
9cf6d6efbb10b85c7aac59ccdc8404c1
i386/ImageMagick-6.2.0.7-2.fc2.i386.rpm
bd5af835d5c692efeb91f8e72bd3ad68 i386/ImageMagick-
devel-6.2.0.7-2.fc2.i386.rpm
3bcd96b4f37d0d00496322172c3ab985 i386/ImageMagick-
perl-6.2.0.7-2.fc2.i386.rpm
3cc2862b41fa967e89743dca2794068a i386/ImageMagick-c+
+-6.2.0.7-2.fc2.i386.rpm
40e7147cf90e2fcd9f9589bdd201ab48 i386/ImageMagick-c++-
devel-6.2.0.7-2.fc2.i386.rpm
ed7985c73aa5b5806ad66e0b97636f9c i386/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.