Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Red Hat RHSA-2004:494-01 Critical: ImageMagick Heap Overflow Threat

red hat
Calendar Grey October 20, 2004
Dist Redhat Esm H88
Recent updates to ImageMagick have resolved security vulnerabilities in Red Hat offerings. Update now for improved protection and feature upgrades.
Updated ImageMagick packages that fix various security vulnerabilities are now available.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

98827 - CAN-2003-0455 ImageMagick temporary file handling vulnerability 130807 - CAN-2004-0827 heap overflow in BMP decoder

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm

i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm

ia64: 13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm 163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm 4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm 641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm 5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm

ia64: 13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm 163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm 4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm 641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm 5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm

i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm

i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from


Summary

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2004:494-01
Issue date: 2004-10-20
Updated on: 2004-10-20
Product: Red Hat Enterprise Linux

Topic

Updated ImageMagick packages that fix various security vulnerabilities arenow available.

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.