---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-155508
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152777
2005-06-19
---------------------------------------------------------------------

Name        : ImageMagick
Versions    : rh73: ImageMagick-5.4.3.11-11.7.x.legacy
Versions    : rh9: ImageMagick-5.4.7-17.legacy
Versions    : fc1: ImageMagick-5.5.6-12.legacy
Versions    : fc2: ImageMagick-6.2.0.7-2.fc2.3.legacy
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more.

---------------------------------------------------------------------
Update Information:

Updated ImageMagick packages that fix multiple security vulnerabilities are now available.

ImageMagick(TM) is an image display and manipulation tool for the X Window System.

A temporary file handling bug has been found in ImageMagick's libmagick library. A local user could overwrite or create files as a different user if a program was linked with the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0455 to this issue.

A heap overflow flaw has been discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue.

A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to this issue.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0759 to this issue.

A bug was found in ImageMagick's TIFF decoder. It is possible that a specially crafted TIFF image file could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible that a specially crafted PSD file could cause ImageMagick to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick's SGI parser. It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0762 to this issue.

A heap based buffer overflow bug was found in the way ImageMagick parses PNM files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted PNM file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1275 to this issue.

A denial of service bug was found in the way ImageMagick parses XWD files. A user or program executing ImageMagick to process a malicious XWD file can cause ImageMagick to enter an infinite loop causing a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1739 to this issue.

Users of ImageMagick should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Fri Jun 17 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.3.11-11.7.x.legacy
- Added missing libtool, libxml2-devel, XFree85-libs, ghostscript and XFree86-devel to BuildRequires

* Thu Jun 09 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.3.11-10.7.x.legacy
- Added patch for CAN-2005-1739

* Fri May 06 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.3.11-9.7.x.legacy
- Added patches for CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 and CAN-2005-0762
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.3.11-8.7.x.legacy
- Added better patch for CAN-2005-0005

* Tue Mar 01 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.3.11-7.7.x.legacy
- Added patches for CAN-2005-0005 and CAN-2005-0397
- Added htmlview to Requires

* Wed Nov 24 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.3.11-6.7.x.legacy
- added better patch for CAN-2003-0455 (Michal Jaegermann)

* Fri Nov 05 2004 Martin Siegert <siegert@xxxxxx> 5.4.3.11-5.7.x.legacy
- set BrowseDelegate=htmlview

* Thu Nov 04 2004 Martin Siegert <siegert@xxxxxx> 5.4.3.11-4.7.x.legacy
- include patch for CAN-2003-0455 from RHEL ImageMagick-5.3.8-5
- include patch for CAN-2004-0827
- include patch for CAN-2004-0981 from Debian (bug #278401)

rh9:
* Fri Jun 17 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-17.legacy
- Added missing libtool, XFree86-devel, XFree86-libs, ghostscript and libxml2-devel BuildRequires

* Thu Jun 09 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-16.legacy
- Added patch for CAN-2005-1739

* Sat May 07 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-15.legacy
- Added patches for CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 and CAN-2005-0762
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-14.legacy
- Added a better patch for CAN-2005-0005

* Wed Mar 02 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-13.legacy
- Added patches for CAN-2005-0005 and CAN-2005-0397

* Wed Nov 24 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-12.legacy
- Added better security patch for CAN-2004-0827 (heap overflow in BMP, AVI, DIB)
- Added security patch for CAN-2003-0455 (temporary file vulnerability)
- Added security patch for CAN-2004-0981 (Remote EXIF parsing buffer overflow)

* Sun Sep 12 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.4.7-11.legacy
- Added security patch for CAN-2004-0827

fc1:
* Fri Jun 17 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.5.6-12.legacy
- Added missing libtool, libxml2-devel XFree86-devel and ghostscript to BuildRequires

* Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.5.6-11.legacy
- Added patch for CAN-2005-1739

* Sat May 07 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.5.6-10.legacy
- Added patches for CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 and CAN-2005-0762
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.5.6-9.legacy
- Added better patch for CAN-2005-0005

* Wed Mar 02 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.5.6-8.legacy
- Added patches for CAN-2005-0005 and CAN-2005-0397

* Sat Nov 13 2004 David Eisenstein <deisenst@xxxxxxx> 5.5.6-7-fc1
- add patch #8 for RedHat Bugzilla #112396, Postscript delegate
- patch # 9, CAN-2004-0827 heap overflow in BMP, AVI, DIB decoders
- patch #10, CAN-2004-0981 Remote EXIF parsing buffer overflow
- Above two patches address Fedora Legacy Bugzilla # 2052

fc2:
* Sat Jun 18 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 6.2.0.7-2.fc2.3.legacy
- Added missing XFree86-devel, libxml2-devel, ghostscript to BuildRequires

* Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 6.2.0.7-2.fc2.2.legacy
- Added patch to fix CAN-2005-1739

* Sat May 07 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 6.2.0.7-2.fc2.1.legacy
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
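
An added example, not part of the original advisory or of Fedora Legacy's tooling: a Python check of whether an installed package string, as printed by `rpm -q`, is at or above the fixed build listed under "Versions" above. It uses a simplified form of rpm's segment-wise ordering, and assumes name-version-release input with no epoch or arch suffix; the function names are illustrative.

```python
import re

# Fixed builds named in the advisory above: release tag -> (version, release).
FIXED = {
    "rh73": ("5.4.3.11", "11.7.x.legacy"),
    "rh9": ("5.4.7", "17.legacy"),
    "fc1": ("5.5.6", "12.legacy"),
    "fc2": ("6.2.0.7", "2.fc2.3.legacy"),
}

def rpmvercmp(a, b):
    """Simplified rpm ordering for one version or release string.

    Strings are split into runs of digits and runs of letters. Digit runs
    compare as integers, letter runs as text, a digit run beats a letter run,
    and if all shared segments match the string with segments left is newer.
    Returns -1, 0 or 1. Tilde/caret handling of newer rpm is not modelled.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed, distro):
    """True if an 'rpm -q' style name-version-release string is at or above
    the advisory's build for that distro (assumes no epoch, no arch suffix)."""
    _name, version, release = installed.rsplit("-", 2)
    fixed_version, fixed_release = FIXED[distro]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

if __name__ == "__main__":
    # Constructed inputs; the older builds are taken from the changelogs above.
    samples = [
        ("rh73", "ImageMagick-5.4.3.11-9.7.x.legacy"),  # 9 < 11 numerically
        ("rh9", "ImageMagick-5.4.7-17.legacy"),
        ("fc2", "ImageMagick-c++-6.2.0.7-2.fc2.1.legacy"),
    ]
    for distro, nvr in samples:
        print(distro, nvr, "fixed" if is_fixed(nvr, distro) else "NEEDS UPDATE")
```

The comparison only establishes package ordering against the builds in this notice; the rh73 sample shows why a plain string compare is wrong, since release `9.7.x.legacy` sorts after `11.7.x.legacy` as text but is the older build.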