Fedora Core 3 ImageMagick Update: Critical Buffer Overflow Alert

ImageMagick(TM) is an image display and manipulation tool for the X

Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,

and Photo CD image formats. It can resize, rotate, sharpen, color

reduce, or add special effects to an image, and when finished you can

either save the completed work in the original format or a different

one. ImageMagick also includes command line programs for creating

animated or transparent .gifs, creating composite images, creating

thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate

and dis play images. If you want to develop your own applications

which use ImageMagick code or APIs, you need to install

ImageMagick-devel as well.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the

ImageMagick image handler. An attacker could create a carefully crafted

Photoshop Document (PSD) image in such a way that it would cause

ImageMagick to execute arbitrary code when processing the image. The

Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.

An attacker could execute arbitrary code in a victims machine if they

are able to trick the victim into opening a file with a specially

crafted name. The Common Vulnerabilities and Exposures project

(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

- Update to 6.2.0 to fix a number of security issues:

- Drop a lot of upstreamed patches

dbbd0c32799bc32658214273037f1942

SRPMS/ImageMagick-6.2.0.7-2.fc3.src.rpm

39ecc49bcdfda64dd2cfaac13b332f42

x86_64/ImageMagick-6.2.0.7-2.fc3.x86_64.rpm

908f8c2f25568cf2340db0a6ae7c5b57 x86_64/ImageMagick-devel-6.2.0.7-2.fc3.x86_64.rpm

7f5112e7f05c9d4a448f5edeb42b153c x86_64/ImageMagick-perl-6.2.0.7-2.fc3.x86_64.rpm

039af81133349c933d0de1e1f61f3ba1 x86_64/ImageMagick-c+

+-6.2.0.7-2.fc3.x86_64.rpm

455c2286d9f1ed1e778a5c5e905053cb x86_64/ImageMagick-c++-devel-6.2.0.7-2.fc3.x86_64.rpm

fe8a3812e6c3fbc8f5016e6eb1d2271a x86_64/debug/ImageMagick-debuginfo-6.2.0.7-2.fc3.x86_64.rpm

1f8387ff55eee8116b53309fc93e28db

x86_64/ImageMagick-6.2.0.7-2.fc3.i386.rpm

214aee8a27780dee6e5c4a5b8b58ec0e x86_64/ImageMagick-c+

+-6.2.0.7-2.fc3.i386.rpm

1f8387ff55eee8116b53309fc93e28db

i386/ImageMagick-6.2.0.7-2.fc3.i386.rpm

a97fb99dfbcddc4391a351a51d544f14 i386/ImageMagick-devel-6.2.0.7-2.fc3.i386.rpm

12ceecfa8d7fd51e9e7a0eaf92c2abcf i386/ImageMagick-perl-6.2.0.7-2.fc3.i386.rpm

214aee8a27780dee6e5c4a5b8b58ec0e i386/ImageMagick-c+

+-6.2.0.7-2.fc3.i386.rpm

1ed8f7ca926e4fd31500f7ee8f767e72 i386/ImageMagick-c++-devel-6.2.0.7-2.fc3.i386.rpm

1f8756e8c6b5405dad07396eb34bf064 i386/debug/ImageMagick-debuginfo-6.2.0.7-2.fc3.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

--fedora-announce-list mailing list

fedora-announce-list@redhat.com