__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
__________________________________________________________

                   INFORMATION BULLETIN

                ImageMagick Security Update
                [Red Hat RHSA-2007:0015-5]

February 15, 2007 19:00 GMT                                     Number R-141
______________________________________________________________________________
PROBLEM:       Vulnerabilities exist in the decoders for DCM, PALM, and SGI
               images that may allow execution of arbitrary code.
PLATFORM:      Red Hat Desktop (v. 3 and v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, and v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               Debian GNU/Linux 3.1 alias sarge
DAMAGE:        May allow execution of arbitrary code.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An intruder who could coerce a user to
ASSESSMENT:    open a malicious DCM, PALM, or SGI image could run arbitrary
               code in the context of the logged-in user. A patch for the
               PALM vulnerability in this bulletin has been shown to not be
               effective. See Debian Security Advisory DSA-1260-1
               http://www.debian.org/security/2007/dsa-1260.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-141.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0015.html
 ADDITIONAL LINK:    Debian Security Advisory DSA-1260-1
                     http://www.debian.org/security/2007/dsa-1260
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2006-2440 CVE-2006-5456 CVE-2006-5868 CVE-2007-0770
 NOTE:               CVE-2006-5456 patch did not work, see CVE-2006-0770,
                     replaces CVE-2006-5456, DSA-1260-1
                     http://www.debian.org/security/2007/dsa-1260
______________________________________________________________________________
[***** Start Red Hat RHSA-2007:0015-5 *****]

Moderate: ImageMagick security update

Advisory:         RHSA-2007:0015-5
Type:             Security Advisory
Severity:         Moderate
Issued on:        2007-02-15
Last updated on:  2007-02-15
Affected Products:
                  Red Hat Desktop (v. 3)
                  Red Hat Desktop (v. 4)
                  Red Hat Enterprise Linux AS (v. 2.1)
                  Red Hat Enterprise Linux AS (v. 3)
                  Red Hat Enterprise Linux AS (v. 4)
                  Red Hat Enterprise Linux ES (v. 2.1)
                  Red Hat Enterprise Linux ES (v. 3)
                  Red Hat Enterprise Linux ES (v. 4)
                  Red Hat Enterprise Linux WS (v. 2.1)
                  Red Hat Enterprise Linux WS (v. 3)
                  Red Hat Enterprise Linux WS (v. 4)
                  Red Hat Linux Advanced Workstation 2.1 for the Itanium
                  Processor
OVAL:             com.redhat.rhsa-20070015.xml
CVEs (cve.mitre.org):
                  CVE-2006-2440
                  CVE-2006-5456
                  CVE-2006-5868

Details

Updated ImageMagick packages that correct several security issues are now
available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ImageMagick is an image display and manipulation tool for the X Window System
that can read and write multiple image formats.

Several security flaws were discovered in the way ImageMagick decodes DCM,
PALM, and SGI graphic files.
An attacker may be able to execute arbitrary code on a victim's machine if
they were able to trick the victim into opening a specially crafted image
file (CVE-2006-5456, CVE-2006-5868).

A heap overflow flaw was found in ImageMagick. An attacker may be able to
execute arbitrary code on a victim's machine if they were able to trick the
victim into opening a specially crafted file (CVE-2006-2440). This issue only
affected the version of ImageMagick distributed with Red Hat Enterprise
Linux 4.

Users of ImageMagick should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

192278 - CVE-2006-2440 ImageMagick heap overflow
210921 - CVE-2006-5456 Overflows in GraphicsMagick and ImageMagick's DCM and
         PALM handling routines
217558 - CVE-2006-5868 Insufficient boundary check in ImageMagick's
         SGIDecode()

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5868
http://www.redhat.com/security/updates/classification/#moderate

Keywords

buffer, DCM, DisplayImageCommand, heap, overflow, PALM, SGI

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0015-5 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.
CIAC can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.