---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-234
2005-03-30
---------------------------------------------------------------------Product     : Fedora Core 2
Name        : ImageMagick
Version     : 6.2.0.7                      
Release     : 2.fc2                  
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and dis play images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

---------------------------------------------------------------------Update Information:

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code in a victims machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash.

A bug was found in the way ImageMagick parses PSD files. It is possilbe
that a specially crafted PSD file could cause ImageMagick to crash.

A heap overflow bug was found in ImageMagick's SGI parser. It is
possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file.
---------------------------------------------------------------------* Wed Mar 16 2005  - 6.2.0.7-2.fc2

- Update to 6.2.0 to fix a number of security issues:
    - Drop a lot of upstreamed patches

* Tue Nov 23 2004  - 5.5.7.7-1.3

- Fix heap overflow, CAN-2004-0827
- buffer overflow in ImageMagick's EXIF parser, CAN-2004-0981


---------------------------------------------------------------------This update can be downloaded from:
  
52fbf39e38a7ae5cc0914b6517fedcba
SRPMS/ImageMagick-6.2.0.7-2.fc2.src.rpm
f6a42bb0239a56780d7fac79bf4cb0cd
x86_64/ImageMagick-6.2.0.7-2.fc2.x86_64.rpm
ac4add6449a8f20658f865161656b492  x86_64/ImageMagick-devel-6.2.0.7-2.fc2.x86_64.rpm
414e95f0ed5189e246a5f03f27a9ba8a  x86_64/ImageMagick-perl-6.2.0.7-2.fc2.x86_64.rpm
1f416050e2410950b7d31cb6a20fcf3c  x86_64/ImageMagick-c+
+-6.2.0.7-2.fc2.x86_64.rpm
dca65373bdde8fc72ad43f5fbb66d082  x86_64/ImageMagick-c++-devel-6.2.0.7-2.fc2.x86_64.rpm
39e6fd4dd15ff0830a8a4629f9544ad1  x86_64/debug/ImageMagick-debuginfo-6.2.0.7-2.fc2.x86_64.rpm
9cf6d6efbb10b85c7aac59ccdc8404c1
i386/ImageMagick-6.2.0.7-2.fc2.i386.rpm
bd5af835d5c692efeb91f8e72bd3ad68  i386/ImageMagick-devel-6.2.0.7-2.fc2.i386.rpm
3bcd96b4f37d0d00496322172c3ab985  i386/ImageMagick-perl-6.2.0.7-2.fc2.i386.rpm
3cc2862b41fa967e89743dca2794068a  i386/ImageMagick-c+
+-6.2.0.7-2.fc2.i386.rpm
40e7147cf90e2fcd9f9589bdd201ab48  i386/ImageMagick-c++-devel-6.2.0.7-2.fc2.i386.rpm
ed7985c73aa5b5806ad66e0b97636f9c  i386/debug/ImageMagick-debuginfo-6.2.0.7-2.fc2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 2 Update: ImageMagick-6.2.0.7-2.fc2

March 30, 2005
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler

Summary

ImageMagick(TM) is an image display and manipulation tool for the X

Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,

and Photo CD image formats. It can resize, rotate, sharpen, color

reduce, or add special effects to an image, and when finished you can

either save the completed work in the original format or a different

one. ImageMagick also includes command line programs for creating

animated or transparent .gifs, creating composite images, creating

thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate

and dis play images. If you want to develop your own applications

which use ImageMagick code or APIs, you need to install

ImageMagick-devel as well.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the

ImageMagick image handler. An attacker could create a carefully crafted

Photoshop Document (PSD) image in such a way that it would cause

ImageMagick to execute arbitrary code when processing the image. The

Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.

An attacker could execute arbitrary code in a victims machine if they

are able to trick the victim into opening a file with a specially

crafted name. The Common Vulnerabilities and Exposures project

(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible

that a TIFF image file with an invalid tag could cause ImageMagick to

crash.

A bug was found in ImageMagick's TIFF decoder. It is possible that a

specially crafted TIFF image file could cause ImageMagick to crash.

A bug was found in the way ImageMagick parses PSD files. It is possilbe

that a specially crafted PSD file could cause ImageMagick to crash.

A heap overflow bug was found in ImageMagick's SGI parser. It is

possible

that an attacker could execute arbitrary code by tricking a user into

opening a specially crafted SGI image file.

- Update to 6.2.0 to fix a number of security issues:

- Drop a lot of upstreamed patches

* Tue Nov 23 2004 - 5.5.7.7-1.3

- Fix heap overflow, CAN-2004-0827

- buffer overflow in ImageMagick's EXIF parser, CAN-2004-0981

52fbf39e38a7ae5cc0914b6517fedcba

SRPMS/ImageMagick-6.2.0.7-2.fc2.src.rpm

f6a42bb0239a56780d7fac79bf4cb0cd

x86_64/ImageMagick-6.2.0.7-2.fc2.x86_64.rpm

ac4add6449a8f20658f865161656b492 x86_64/ImageMagick-devel-6.2.0.7-2.fc2.x86_64.rpm

414e95f0ed5189e246a5f03f27a9ba8a x86_64/ImageMagick-perl-6.2.0.7-2.fc2.x86_64.rpm

1f416050e2410950b7d31cb6a20fcf3c x86_64/ImageMagick-c+

+-6.2.0.7-2.fc2.x86_64.rpm

dca65373bdde8fc72ad43f5fbb66d082 x86_64/ImageMagick-c++-devel-6.2.0.7-2.fc2.x86_64.rpm

39e6fd4dd15ff0830a8a4629f9544ad1 x86_64/debug/ImageMagick-debuginfo-6.2.0.7-2.fc2.x86_64.rpm

9cf6d6efbb10b85c7aac59ccdc8404c1

i386/ImageMagick-6.2.0.7-2.fc2.i386.rpm

bd5af835d5c692efeb91f8e72bd3ad68 i386/ImageMagick-devel-6.2.0.7-2.fc2.i386.rpm

3bcd96b4f37d0d00496322172c3ab985 i386/ImageMagick-perl-6.2.0.7-2.fc2.i386.rpm

3cc2862b41fa967e89743dca2794068a i386/ImageMagick-c+

+-6.2.0.7-2.fc2.i386.rpm

40e7147cf90e2fcd9f9589bdd201ab48 i386/ImageMagick-c++-devel-6.2.0.7-2.fc2.i386.rpm

ed7985c73aa5b5806ad66e0b97636f9c i386/debug/ImageMagick-debuginfo-6.2.0.7-2.fc2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--fedora-announce-list mailing list

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-234 2005-03-30 Name : ImageMagick Version : 6.2.0.7 Release : 2.fc2 Summary : An X application for displaying and manipulating images. Description : ImageMagick(TM) is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and dis play images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code in a victims machine if they are able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0397 to this issue. A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. A bug was found in ImageMagick's TIFF decoder. It is possible that a specially crafted TIFF image file could cause ImageMagick to crash. A bug was found in the way ImageMagick parses PSD files. It is possilbe that a specially crafted PSD file could cause ImageMagick to crash. A heap overflow bug was found in ImageMagick's SGI parser. It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file. - Update to 6.2.0 to fix a number of security issues: - Drop a lot of upstreamed patches * Tue Nov 23 2004 - 5.5.7.7-1.3 - Fix heap overflow, CAN-2004-0827 - buffer overflow in ImageMagick's EXIF parser, CAN-2004-0981 52fbf39e38a7ae5cc0914b6517fedcba SRPMS/ImageMagick-6.2.0.7-2.fc2.src.rpm f6a42bb0239a56780d7fac79bf4cb0cd x86_64/ImageMagick-6.2.0.7-2.fc2.x86_64.rpm ac4add6449a8f20658f865161656b492 x86_64/ImageMagick-devel-6.2.0.7-2.fc2.x86_64.rpm 414e95f0ed5189e246a5f03f27a9ba8a x86_64/ImageMagick-perl-6.2.0.7-2.fc2.x86_64.rpm 1f416050e2410950b7d31cb6a20fcf3c x86_64/ImageMagick-c+ +-6.2.0.7-2.fc2.x86_64.rpm dca65373bdde8fc72ad43f5fbb66d082 x86_64/ImageMagick-c++-devel-6.2.0.7-2.fc2.x86_64.rpm 39e6fd4dd15ff0830a8a4629f9544ad1 x86_64/debug/ImageMagick-debuginfo-6.2.0.7-2.fc2.x86_64.rpm 9cf6d6efbb10b85c7aac59ccdc8404c1 i386/ImageMagick-6.2.0.7-2.fc2.i386.rpm bd5af835d5c692efeb91f8e72bd3ad68 i386/ImageMagick-devel-6.2.0.7-2.fc2.i386.rpm 3bcd96b4f37d0d00496322172c3ab985 i386/ImageMagick-perl-6.2.0.7-2.fc2.i386.rpm 3cc2862b41fa967e89743dca2794068a i386/ImageMagick-c+ +-6.2.0.7-2.fc2.i386.rpm 40e7147cf90e2fcd9f9589bdd201ab48 i386/ImageMagick-c++-devel-6.2.0.7-2.fc2.i386.rpm ed7985c73aa5b5806ad66e0b97636f9c i386/debug/ImageMagick-debuginfo-6.2.0.7-2.fc2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : ImageMagick
Version : 6.2.0.7
Release : 2.fc2
Summary : An X application for displaying and manipulating images.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved