Red Hat: ImageMagick security vulnerabilities fix
Summary
Summary
ImageMagick(TM) is an image display and manipulation tool for the X WindowSystem.A heap overflow flaw was discovered in the ImageMagick image handler.An attacker could create a carefully crafted BMP file in such a way that itwould cause ImageMagick to execute arbitrary code when processing theimage. The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CAN-2004-0827 to this issue.A temporary file handling bug has been found in ImageMagick's libmagicklibrary. A local user could overwrite or create files as a different userif a program was linked with the vulnerable library. The CommonVulnerabilities and Exposures project (cve.mitre.org) has assigned the nameCAN-2003-0455 to this issue.Users of ImageMagick should upgrade to these updated packages, whichcontain a backported patch, and is not vulnerable to this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
98827 - CAN-2003-0455 ImageMagick temporary file handling vulnerability
130807 - CAN-2004-0827 heap overflow in BMP decoder
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
i386:
6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm
6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm
f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm
14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm
c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm
ia64:
13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm
163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm
4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm
641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm
5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
ia64:
13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm
163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm
4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm
641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm
5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
i386:
6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm
6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm
f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm
14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm
c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
i386:
6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm
6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm
f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm
14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm
c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
References
Package List
Topic
Updated ImageMagick packages that fix various security vulnerabilities arenow available.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Bugs Fixed