__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
__________________________________________________________

                  INFORMATION BULLETIN

               ImageMagick Security Update
               [Red Hat RHSA-2006:0633-5]

August 24, 2006 17:00 GMT                                         Number Q-295
[REVISED 5 Sept 2006]
[REVISED 20 Nov 2006]
______________________________________________________________________________
PROBLEM:       There are several integer and buffer overflow flaws in the way
               ImageMagick decodes XCF, SGI, and Sun bitmap graphic files.
PLATFORM:      Red Hat Desktop (v. 3 & v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, & v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               Debian GNU/Linux 3.1 alias sarge
DAMAGE:        An attacker could execute arbitrary code on a victim's machine
               if they were able to trick the victim into opening a specially
               crafted image file.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An attacker could execute arbitrary code on
ASSESSMENT:    a victim's machine if they were able to trick the victim into
               opening a specially crafted image file.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-295.shtml
 ORIGINAL BULLETIN:  Red Hat RHSA-2006:0633-5
                     https://rhn.redhat.com/errata/RHSA-2006-0633.html
 ADDITIONAL LINKS:   Debian Security Advisory DSA-1168-1
                     http://www.debian.org/security/2006/dsa-1168
                     Debian Security Advisory DSA-1207-2
                     http://www.debian.org/security/2006/dsa-1207
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2006-3743 CVE-2006-3744 CVE-2006-4144
______________________________________________________________________________
REVISION HISTORY:
09/05/2006 - revised to add a link to Debian Security Advisory DSA-1168-1 for
             Debian GNU/Linux 3.1 alias sarge.
11/20/2006 - revised to add a link to Debian Security Advisory DSA-1213-1 for
             Debian GNU/Linux 3.1 alias sarge.

[***** Start Red Hat RHSA-2006:0633-5 *****]

Moderate: ImageMagick security update

Advisory:           RHSA-2006:0633-5
Type:               Security Advisory
Issued on:          2006-08-24
Last updated on:    2006-08-24
Affected Products:  Red Hat Desktop (v. 3)
                    Red Hat Desktop (v. 4)
                    Red Hat Enterprise Linux AS (v. 2.1)
                    Red Hat Enterprise Linux AS (v. 3)
                    Red Hat Enterprise Linux AS (v. 4)
                    Red Hat Enterprise Linux ES (v. 2.1)
                    Red Hat Enterprise Linux ES (v. 3)
                    Red Hat Enterprise Linux ES (v. 4)
                    Red Hat Enterprise Linux WS (v. 2.1)
                    Red Hat Enterprise Linux WS (v. 3)
                    Red Hat Enterprise Linux WS (v. 4)
                    Red Hat Linux Advanced Workstation 2.1 for the Itanium
                    Processor
CVEs (cve.mitre.org): CVE-2006-3743
                      CVE-2006-3744
                      CVE-2006-4144

Details

Updated ImageMagick packages that fix several security issues are now
available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Tavis Ormandy discovered several integer and buffer overflow flaws in the way
ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker could
execute arbitrary code on a victim's machine if they were able to trick the
victim into opening a specially crafted image file. (CVE-2006-3743,
CVE-2006-3744, CVE-2006-4144)

Users of ImageMagick should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

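Added example (not part of the CIAC or Red Hat text): a Python check that classifies installed ImageMagick packages against the fixed builds this advisory lists under "Updated packages" (5.3.8-16, 5.5.6-20 and 6.0.7.1-16). The inventory format (one "NAME VERSION RELEASE" line per package, as produced by rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'), the sample lines, the simplified version comparison and all function names are assumptions of this example.

```python
import re

# Fixed builds from the "Updated packages" list of RHSA-2006:0633,
# keyed by upstream version: v. 2.1 family, v. 3 family, v. 4 family.
FIXED_RELEASE = {"5.3.8": "16", "5.5.6": "20", "6.0.7.1": "16"}

# Binary packages named in the advisory.
PACKAGES = {
    "ImageMagick", "ImageMagick-c++", "ImageMagick-c++-devel",
    "ImageMagick-devel", "ImageMagick-perl",
}


def rpmvercmp(a, b):
    """Simplified RPM-style comparison: -1, 0 or 1 (no epoch handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def classify(name, version, release):
    """Return 'patched', 'needs-update', 'unknown', or None if not ImageMagick."""
    if name not in PACKAGES:
        return None
    fixed = FIXED_RELEASE.get(version)
    if fixed is None:
        # Version stream not listed in this advisory: do not guess.
        return "unknown"
    return "patched" if rpmvercmp(release, fixed) >= 0 else "needs-update"


def audit(inventory_text):
    """Classify each 'NAME VERSION RELEASE' line of an rpm inventory."""
    findings = []
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        status = classify(*fields)
        if status is not None:
            findings.append((fields[0], f"{fields[1]}-{fields[2]}", status))
    return findings


# Constructed sample inventory (not real host data).
SAMPLE = """\
ImageMagick 5.5.6 15
ImageMagick-devel 5.5.6 20
ImageMagick-perl 6.0.7.1 16.1
ImageMagick-c++ 6.2.8.0 4
bash 3.0 19.3
ImageMagick 5.3.8 9
"""

if __name__ == "__main__":
    for name, evr, status in audit(SAMPLE):
        print(f"{status:13} {name}-{evr}")
```

A result of "unknown" means the installed version stream is not one this advisory covers and has to be checked against the vendor's errata for that release.
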
Updated packages

Red Hat Desktop (v. 3)
    SRPMS: ImageMagick-5.5.6-20.src.rpm
Red Hat Desktop (v. 4)
    SRPMS: ImageMagick-6.0.7.1-16.src.rpm
Red Hat Enterprise Linux AS (v. 2.1)
    SRPMS: ImageMagick-5.3.8-16.src.rpm
Red Hat Enterprise Linux AS (v. 3)
    SRPMS: ImageMagick-5.5.6-20.src.rpm
Red Hat Enterprise Linux AS (v. 4)
    SRPMS: ImageMagick-6.0.7.1-16.src.rpm
Red Hat Enterprise Linux ES (v. 2.1)
    SRPMS: ImageMagick-5.3.8-16.src.rpm
Red Hat Enterprise Linux ES (v. 3)
    SRPMS: ImageMagick-5.5.6-20.src.rpm
Red Hat Enterprise Linux ES (v. 4)
    SRPMS: ImageMagick-6.0.7.1-16.src.rpm
Red Hat Enterprise Linux WS (v. 2.1)
    SRPMS: ImageMagick-5.3.8-16.src.rpm
Red Hat Enterprise Linux WS (v. 3)
    SRPMS: ImageMagick-5.5.6-20.src.rpm
Red Hat Enterprise Linux WS (v. 4)
    SRPMS: ImageMagick-6.0.7.1-16.src.rpm
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
    SRPMS: ImageMagick-5.3.8-16.src.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

202193 - CVE-2006-3743 ImageMagick multiple
         security issues (CVE-2006-3744)
202771 - CVE-2006-4144 ImageMagick ReadSGIImage() integer overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144
http://www.redhat.com/security/updates/classification/#moderate

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2006:0633-5 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-285: ncompress
Q-286: RPC Interface Heap Overflow
Q-287: Shadow Programming Error
Q-288: ClamAV Buffer Overflow
Q-289: Vulnerability May Allow Users With the "File System Management" RBAC
       Profile to Gain Elevated Privileges
Q-290: Xsan Filesystem 1.4
Q-291: Buffer Overflow in the format(1M) Command
Q-292: XFree86 Security Update
Q-293: Kernel Security Update
Q-294: Multiple Security Vulnerabilities in Mozilla 1.4 and 1.7