Red Hat 9062 Published by

An ImageMagick security update is available for Red Hat Enterprise Linux 4

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ImageMagick security update
Advisory ID: RHSA-2005:320-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-320.html
Issue date: 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0397
----------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a format string bug are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64



3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window System which can read and write multiple image formats.

A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0397 to this issue.

Additionally, a bug was fixed which caused ImageMagick(TM) to occasionally segfault when writing TIFF images to standard output.

Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142045 - Segmentation fault on conversion to TIFF (possible libtiff bug)
150185 - CAN-2005-0397 ImageMagick format string flaw

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm

ia64:
001bda657397f288044e64e0bc05b70b ImageMagick-6.0.7.1-10.ia64.rpm
7d931c803bc50137ce838b4abcbd2429 ImageMagick-c++-6.0.7.1-10.ia64.rpm
4a305e0d3d43b5c4819577d52cb3665b ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
2a86fc9da66f0e6d0e96b3069ca2a657 ImageMagick-devel-6.0.7.1-10.ia64.rpm
a2604e4a1e0e05077e4710a73beeb4c0 ImageMagick-perl-6.0.7.1-10.ia64.rpm

ppc:
12be580ec878b85766fb395b12594ef3 ImageMagick-6.0.7.1-10.ppc.rpm
0231e95c9d3d20a4ec33bb840f6b95c0 ImageMagick-c++-6.0.7.1-10.ppc.rpm
73d33cc0070d616f04fcc30dddf98db7 ImageMagick-c++-devel-6.0.7.1-10.ppc.rpm
0775ecaf973f9985e195d7d088e3a342 ImageMagick-devel-6.0.7.1-10.ppc.rpm
e59efdba147068fdec313afef97dcb5b ImageMagick-perl-6.0.7.1-10.ppc.rpm

s390:
dcbb2aedbc432f9291314079a4c2ff7d ImageMagick-6.0.7.1-10.s390.rpm
4745e6e2e665afbc7b1cac91cddbbc9d ImageMagick-c++-6.0.7.1-10.s390.rpm
2c4f816ab3892f6914986b2217e2c73e ImageMagick-c++-devel-6.0.7.1-10.s390.rpm
67adaba9d191ede734f758aec0cd9b5c ImageMagick-devel-6.0.7.1-10.s390.rpm
2a9a4922e589877e70e2c2e918b05b0f ImageMagick-perl-6.0.7.1-10.s390.rpm

s390x:
6dea39358712b8575da76e27ff671924 ImageMagick-6.0.7.1-10.s390x.rpm
7e6df039cba4a3cf7fbf5b550dd7a4d1 ImageMagick-c++-6.0.7.1-10.s390x.rpm
87f2a92001e88334cf6f55e82e54529a ImageMagick-c++-devel-6.0.7.1-10.s390x.rpm
377ad1d4145efd9ae1556f7498564d4d ImageMagick-devel-6.0.7.1-10.s390x.rpm
b55a7bf0fe172df9936f3628722fc14e ImageMagick-perl-6.0.7.1-10.s390x.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm

ia64:
001bda657397f288044e64e0bc05b70b ImageMagick-6.0.7.1-10.ia64.rpm
7d931c803bc50137ce838b4abcbd2429 ImageMagick-c++-6.0.7.1-10.ia64.rpm
4a305e0d3d43b5c4819577d52cb3665b ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
2a86fc9da66f0e6d0e96b3069ca2a657 ImageMagick-devel-6.0.7.1-10.ia64.rpm
a2604e4a1e0e05077e4710a73beeb4c0 ImageMagick-perl-6.0.7.1-10.ia64.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-10.src.rpm
983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm

i386:
c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm
703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm
2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm
c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm
6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm

ia64:
001bda657397f288044e64e0bc05b70b ImageMagick-6.0.7.1-10.ia64.rpm
7d931c803bc50137ce838b4abcbd2429 ImageMagick-c++-6.0.7.1-10.ia64.rpm
4a305e0d3d43b5c4819577d52cb3665b ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm
2a86fc9da66f0e6d0e96b3069ca2a657 ImageMagick-devel-6.0.7.1-10.ia64.rpm
a2604e4a1e0e05077e4710a73beeb4c0 ImageMagick-perl-6.0.7.1-10.ia64.rpm

x86_64:
672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm
409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm
70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm
db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm
c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.