
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ImageMagick packages fix security vulnerabilities
Advisory ID:       RHSA-2004:494-01
Issue date:        2004-10-20
Updated on:        2004-10-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2003-0455 CAN-2004-0827
---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix various security vulnerabilities are
now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A heap overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted BMP file in such a way that it
would cause ImageMagick to execute arbitrary code when processing the
image.  The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0827 to this issue.

A temporary file handling bug has been found in ImageMagick's libmagick
library.  A local user could overwrite or create files as a different user
if a program was linked with the vulnerable library.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0455 to this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

98827 - CAN-2003-0455 ImageMagick temporary file handling vulnerability
130807 - CAN-2004-0827 heap overflow in BMP decoder

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: 

22738cf864df785a841772511e92e689  ImageMagick-5.3.8-5.src.rpm

i386:
6f2d75c18a23e1dfd8436612760cea77  ImageMagick-5.3.8-5.i386.rpm
6ab5cd1e16ce974097ed70fe509b2d54  ImageMagick-c++-5.3.8-5.i386.rpm
f8ecc0f1253736bd99b48d15447f61dc  ImageMagick-c++-devel-5.3.8-5.i386.rpm
14cb59447f203c6d2141636c71ce8d58  ImageMagick-devel-5.3.8-5.i386.rpm
c504ef763f766cf4c90cb8caad764ebb  ImageMagick-perl-5.3.8-5.i386.rpm

ia64:
13a0333046d8337643de2b338aa157b9  ImageMagick-5.3.8-5.ia64.rpm
163e1753c113703c2b279ab2b6150c9f  ImageMagick-c++-5.3.8-5.ia64.rpm
4f16d62bf35adb7512da4fb1cbc93df7  ImageMagick-c++-devel-5.3.8-5.ia64.rpm
641626cf00da91e4cf321e5b5bde5ff8  ImageMagick-devel-5.3.8-5.ia64.rpm
5ae53b3226e04ca6bb3f4906faafa998  ImageMagick-perl-5.3.8-5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: 

22738cf864df785a841772511e92e689  ImageMagick-5.3.8-5.src.rpm

ia64:
13a0333046d8337643de2b338aa157b9  ImageMagick-5.3.8-5.ia64.rpm
163e1753c113703c2b279ab2b6150c9f  ImageMagick-c++-5.3.8-5.ia64.rpm
4f16d62bf35adb7512da4fb1cbc93df7  ImageMagick-c++-devel-5.3.8-5.ia64.rpm
641626cf00da91e4cf321e5b5bde5ff8  ImageMagick-devel-5.3.8-5.ia64.rpm
5ae53b3226e04ca6bb3f4906faafa998  ImageMagick-perl-5.3.8-5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: 

22738cf864df785a841772511e92e689  ImageMagick-5.3.8-5.src.rpm

i386:
6f2d75c18a23e1dfd8436612760cea77  ImageMagick-5.3.8-5.i386.rpm
6ab5cd1e16ce974097ed70fe509b2d54  ImageMagick-c++-5.3.8-5.i386.rpm
f8ecc0f1253736bd99b48d15447f61dc  ImageMagick-c++-devel-5.3.8-5.i386.rpm
14cb59447f203c6d2141636c71ce8d58  ImageMagick-devel-5.3.8-5.i386.rpm
c504ef763f766cf4c90cb8caad764ebb  ImageMagick-perl-5.3.8-5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: 

22738cf864df785a841772511e92e689  ImageMagick-5.3.8-5.src.rpm

i386:
6f2d75c18a23e1dfd8436612760cea77  ImageMagick-5.3.8-5.i386.rpm
6ab5cd1e16ce974097ed70fe509b2d54  ImageMagick-c++-5.3.8-5.i386.rpm
f8ecc0f1253736bd99b48d15447f61dc  ImageMagick-c++-devel-5.3.8-5.i386.rpm
14cb59447f203c6d2141636c71ce8d58  ImageMagick-devel-5.3.8-5.i386.rpm
c504ef763f766cf4c90cb8caad764ebb  ImageMagick-perl-5.3.8-5.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
 

7. References:
 
CVE -CVE-2003-0455 
CVE -CVE-2004-0827

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at  

Copyright 2004 Red Hat, Inc.

Red Hat: ImageMagick security vulnerabilities fix

Updated ImageMagick packages that fix various security vulnerabilities are now available.

Summary

Summary

ImageMagick(TM) is an image display and manipulation tool for the X WindowSystem.A heap overflow flaw was discovered in the ImageMagick image handler.An attacker could create a carefully crafted BMP file in such a way that itwould cause ImageMagick to execute arbitrary code when processing theimage. The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CAN-2004-0827 to this issue.A temporary file handling bug has been found in ImageMagick's libmagicklibrary. A local user could overwrite or create files as a different userif a program was linked with the vulnerable library. The CommonVulnerabilities and Exposures project (cve.mitre.org) has assigned the nameCAN-2003-0455 to this issue.Users of ImageMagick should upgrade to these updated packages, whichcontain a backported patch, and is not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
98827 - CAN-2003-0455 ImageMagick temporary file handling vulnerability 130807 - CAN-2004-0827 heap overflow in BMP decoder
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm
ia64: 13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm 163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm 4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm 641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm 5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
ia64: 13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm 163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm 4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm 641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm 5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm
i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

References

CVE -CVE-2003-0455 CVE -CVE-2004-0827

Package List

Severity

Advisory ID: RHSA-2004:494-01

Issued Date: : 2004-10-20

Updated on: 2004-10-20

Product: Red Hat Enterprise Linux

CVE Names: CAN-2003-0455 CAN-2004-0827

Topic

Updated ImageMagick packages that fix various security vulnerabilities arenow available.

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Related News

19.Laptop Bed Esm H320

Critical Security Update for Google Chrome: Implications & Recommendations

2 - 3 min read

Apr 29, 2024

The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary

23.Tablet Connections Esm H320

Ubuntu 24.04 Security Enhancements Analyzed [Updated]

2 - 3 min read

Apr 29, 2024

The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements

4.Lock AbstractDigital Esm H320

Tails 6.2 Improves Security, Expands Multilingual Support

2 - 3 min read

Apr 24, 2024

Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a

19.Laptop Bed Esm H320

Why You Should Consider AlmaLinux 9.4 Beta for Your Desktop

2 - 3 min read

Apr 23, 2024

AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a

32.Lock Code Circular Esm H320

How to Keep Your Linux System Safe from Kernel Bugs

2 - 3 min read

Apr 23, 2024

Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.

1.Penguin Landscape Esm H320

Spectre V2: A New Threat to Linux Systems

2 - 3 min read

Apr 23, 2024

A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's

10.FingerPrint Locks Esm H320

I2P 2.5.0 Release Brings Improvements in Tunnels, I2PSnark & More

2 - 3 min read

Apr 22, 2024

The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew

24.Key Code Esm H320

Akira Ransomware Gang Targets Linux Servers, Extorts $42 Million

2 - 3 min read

Apr 19, 2024

The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved