__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

ImageMagick Security Update
[Red Hat RHSA-2008:0145-8]

April 25, 2008 11:00 GMT                                      Number S-271
______________________________________________________________________________
PROBLEM:       There are several security vulnerabilities in ImageMagick
               which could potentially allow execution of arbitrary code.
PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Desktop (v. 3, v. 4)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES, WS (v. 3, v. 4)
               Red Hat Enterprise Linux Desktop (v. 5 client)
DAMAGE:        Execute arbitrary code.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. If a victim opened a specially crafted DCM
ASSESSMENT:    or XWD file, an attacker could potentially execute arbitrary
               code on the victim's machine.
______________________________________________________________________________
CVSS 2 BASE SCORE:     7.5
       TEMPORAL SCORE: 6.2
       VECTOR:         (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-271.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2008-0145.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2007-1797 CVE-2007-4985 CVE-2007-4986
                     CVE-2007-4988 CVE-2008-1096 CVE-2008-1097
______________________________________________________________________________
[***** Start Red Hat RHSA-2008:0145-8 *****]

Moderate: ImageMagick security update

Advisory:          RHSA-2008:0145-8
Type:              Security Advisory
Severity:          Moderate
Issued on:         2008-04-16
Last updated on:   2008-04-16
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
OVAL:              com.redhat.rhsa-20080145.xml
CVEs (cve.mitre.org): CVE-2007-1797 CVE-2007-4985 CVE-2007-4986
                      CVE-2007-4988 CVE-2008-1096 CVE-2008-1097

Details

Updated ImageMagick packages that correct several security issues are now
available for Red Hat Enterprise Linux versions 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

ImageMagick is an image display and manipulation tool for the X Window System
that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF and
DCM files. Attempting to process a specially-crafted input file in these
formats could cause ImageMagick to enter an infinite loop. (CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim opened a
specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker could
potentially execute arbitrary code with the privileges of the user running
ImageMagick. (CVE-2007-4986)

An integer overflow flaw was found in ImageMagick's DIB parsing code. If a
victim opened a specially-crafted DIB file, an attacker could potentially
execute arbitrary code with the privileges of the user running ImageMagick.
(CVE-2007-4988)

A heap-based buffer overflow flaw was found in the way ImageMagick parsed XCF
files. If a specially-crafted XCF image was opened, ImageMagick could be made
to overwrite heap memory beyond the bounds of its allocated memory.
This could, potentially, allow an attacker to execute arbitrary code on the
machine running ImageMagick. (CVE-2008-1096)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX file,
an attacker could possibly execute arbitrary code on the victim's machine.
(CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Product                                           Updated ImageMagick build
--------------------------------------------------------------------------------
RHEL Desktop Workstation (v. 5 client)            6.2.8.0-4.el5_1.1
Red Hat Desktop (v. 3)                            5.5.6-28
Red Hat Desktop (v. 4)                            6.0.7.1-17.el4_6.1
Red Hat Enterprise Linux (v. 5 server)            6.2.8.0-4.el5_1.1
Red Hat Enterprise Linux AS (v. 3)                5.5.6-28
Red Hat Enterprise Linux AS (v. 4)                6.0.7.1-17.el4_6.1
Red Hat Enterprise Linux Desktop (v. 5 client)    6.2.8.0-4.el5_1.1
Red Hat Enterprise Linux ES (v. 3)                5.5.6-28
Red Hat Enterprise Linux ES (v. 4)                6.0.7.1-17.el4_6.1
Red Hat Enterprise Linux WS (v. 3)                5.5.6-28
Red Hat Enterprise Linux WS (v. 4)                6.0.7.1-17.el4_6.1

Bugs fixed (see bugzilla for more information)

235071 - CVE-2007-1797 Heap overflow in ImageMagick's DCM and XWD coders
285861 - CVE-2008-1097 Memory corruption in ImageMagick's PCX coder
286411 - CVE-2008-1096 Out of bound write in ImageMagick's XCF coder
310081 - CVE-2007-4988 Integer overflow in ImageMagick's DIB coder
310091 - CVE-2007-4985 Infinite loops in ImageMagick's XCF and DCM coders
310121 - CVE-2007-4986 Multiple integer overflows in ImageMagick

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097
http://www.redhat.com/security/updates/classification/#moderate

Keywords

buffer, heap, integer, overflow, stack
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2008:0145-8 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.
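
To check whether a host already carries the fixed builds named under "Updated packages", installed versions can be compared using RPM's segment-wise ordering. The Python below is an added example, not Red Hat's tooling; it assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, ignores epochs and the newer tilde/caret ordering rules, and its sample query lines are constructed.

```python
import re

# Fixed ImageMagick builds from this advisory, keyed by RHEL major version.
FIXED = {
    3: ("5.5.6", "28"),
    4: ("6.0.7.1", "17.el4_6.1"),
    5: ("6.2.8.0", "4.el5_1.1"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Classic RPM ordering: -1 if a is older than b, 0 if equal, 1 if newer."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def unpatched(rhel_major, query_output):
    """Return installed ImageMagick packages older than the advisory's fixed build."""
    fixed_version, fixed_release = FIXED[rhel_major]
    behind = []
    for line in query_output.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[0].startswith("ImageMagick"):
            continue
        name, version, release = fields
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        if order < 0:
            behind.append(f"{name}-{version}-{release}")
    return behind


# Constructed sample of rpm query output from a RHEL 5 host (not real data).
SAMPLE_EL5 = """\
ImageMagick 6.2.8.0 3.el5.4
ImageMagick-c++ 6.2.8.0 4.el5_1.1
ImageMagick-perl 6.2.8.0 4.el5_5.2
bash 3.2 21.el5
"""

if __name__ == "__main__":
    for package in unpatched(5, SAMPLE_EL5):
        print("needs update:", package)
```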