__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

ImageMagick security update
[RHSA-2006:0178-4]

February 14, 2006 22:00 GMT                                  Number Q-124
[REVISED 20 Nov 2006]
______________________________________________________________________________
PROBLEM:       A format string flaw was discovered in the way ImageMagick
               handles filenames.
PLATFORM:      Red Hat Desktop (v. 3)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS (v. 2.1)
               Red Hat Enterprise Linux AS (v. 3)
               Red Hat Enterprise Linux AS (v. 4)
               Red Hat Enterprise Linux ES (v. 2.1)
               Red Hat Enterprise Linux ES (v. 3)
               Red Hat Enterprise Linux ES (v. 4)
               Red Hat Enterprise Linux WS (v. 2.1)
               Red Hat Enterprise Linux WS (v. 3)
               Red Hat Enterprise Linux WS (v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium
               Processor
               Debian GNU/Linux 3.1 alias sarge
DAMAGE:        It may be possible to execute arbitrary commands by tricking
               a user into running a carefully crafted ImageMagick command.
SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Execution of arbitrary commands.
ASSESSMENT:
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-124.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0178.html
 ADDITIONAL LINK:    Debian Security Advisory DSA-1213-1
                     http://www.debian.org/security/2006/dsa-1213
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
______________________________________________________________________________
REVISION HISTORY:
11/20/2006 - revised to add a link to Debian Security Advisory DSA-1213-1 for
             Debian GNU/Linux 3.1 alias sarge.
[***** Start RHSA-2006:0178-4 *****]

Moderate: ImageMagick security update

Advisory:         RHSA-2006:0178-4
Type:             Security Advisory
Issued on:        2006-02-14
Last updated on:  2006-02-14
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Enterprise Linux WS (v. 4)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org):
    CVE-2005-4601
    CVE-2006-0082

Details

Updated ImageMagick packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display" command.
It is possible to execute arbitrary commands by tricking a user into running
"display" on a file with a specially crafted name. The Common Vulnerabilities
and Exposures project (cve.mitre.org) assigned the name CVE-2005-4601 to this
issue.

A format string flaw was discovered in the way ImageMagick handles filenames.
It may be possible to execute arbitrary commands by tricking a user into
running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via Red Hat Network.
To use Red Hat Network, launch the Red Hat Update Agent with the following
command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Packages in each build: ImageMagick, ImageMagick-c++, ImageMagick-c++-devel,
ImageMagick-devel, ImageMagick-perl

ImageMagick-5.3.8-14 (SRPMS: ImageMagick-5.3.8-14.src.rpm)
    Red Hat Enterprise Linux AS (v. 2.1): IA-32, IA-64
    Red Hat Enterprise Linux ES (v. 2.1): IA-32
    Red Hat Enterprise Linux WS (v. 2.1): IA-32
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: IA-64

ImageMagick-5.5.6-18 (SRPMS: ImageMagick-5.5.6-18.src.rpm)
    Red Hat Desktop (v. 3): IA-32, x86_64
    Red Hat Enterprise Linux AS (v. 3): IA-32, IA-64, PPC, s390, s390x, x86_64
    Red Hat Enterprise Linux ES (v. 3): IA-32, IA-64, x86_64
    Red Hat Enterprise Linux WS (v. 3): IA-32, IA-64, x86_64

ImageMagick-6.0.7.1-14 (SRPMS: ImageMagick-6.0.7.1-14.src.rpm)
    Red Hat Desktop (v. 4): IA-32, x86_64
    Red Hat Enterprise Linux AS (v. 4): IA-32, IA-64, PPC, s390, s390x, x86_64
    Red Hat Enterprise Linux ES (v. 4): IA-32, IA-64, x86_64
    Red Hat Enterprise Linux WS (v. 4): IA-32, IA-64, x86_64

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

176837 - CVE-2005-4601 ImageMagick display command shell command injection
176925 - CVE-2006-0082 ImageMagick format string vulnerability.
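One way to check a host against the fixed builds named in this advisory, as an added example that is not part of the Red Hat or CIAC text. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison, which it matches for plain numeric release strings like these.

```shell
#!/bin/sh
# Added example: compare an installed ImageMagick build with the fixed builds
# named in RHSA-2006:0178. Function names are hypothetical.

# Fixed builds from the advisory, one per upstream version Red Hat ships.
# The fixes are backported, so the upstream version stays the same and only
# the release number (after the last "-") shows whether a build is patched.
FIXED_BUILDS="5.3.8-14 5.5.6-18 6.0.7.1-14"

# ver_lt A B: succeed if A orders strictly before B.
# Assumption: GNU "sort -V" stands in for RPM's comparison; the two agree
# for dotted numeric strings like the ones in this advisory.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# imagemagick_status VERSION-RELEASE
# Prints "patched", "vulnerable", or "unknown" (input is not VERSION-RELEASE,
# or the version is not one the advisory lists, so releases cannot be compared).
imagemagick_status() {
    case "$1" in
        *-*) ;;
        *) echo unknown; return 0 ;;
    esac
    inst_ver=${1%-*}
    inst_rel=${1##*-}
    for fixed in $FIXED_BUILDS; do
        if [ "$inst_ver" = "${fixed%-*}" ]; then
            if ver_lt "$inst_rel" "${fixed##*-}"; then
                echo vulnerable
            else
                echo patched
            fi
            return 0
        fi
    done
    echo unknown
}

# check_host: query the local RPM database (one line per installed arch).
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    rpm -q ImageMagick >/dev/null 2>&1 || { echo "ImageMagick not installed"; return 0; }
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' ImageMagick |
    while read -r vr; do
        printf '%s: %s\n' "$vr" "$(imagemagick_status "$vr")"
    done
}

# Run against this host only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

An "unknown" result means the installed upstream version is not one of the three covered here, so the release number alone does not show whether the backported fixes are present.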
References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082

[***** End RHSA-2006:0178-4 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-114: Security Vulnerability in Sun Java System Access Manager
Q-115: Microsoft IE5 WMF Security Advisory
Q-116: Possible Vulnerability in Windows Service ACLs
Q-117: Java Web Start Vulnerability
Q-118: JRE Untrusted Applet Privilege Elevation
Q-119: xpdf/kdegraphics Security Update
Q-120: Cumulative Security Update for Internet Explorer
Q-121: Vulnerability in Windows Media Player
Q-122: Vulnerability in Windows Media Player Plug-in with Non-Microsoft
       Internet Browsers
Q-123: Vulnerability in Web Client Service Could Allow Remote Code Execution