---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2005-235
2005-03-18
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : ImageMagick
Version     : 6.2.0.7
Release     : 2.fc3
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

---------------------------------------------------------------------
Update Information:

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code on a victim's machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.
---------------------------------------------------------------------
* Wed Mar 16 2005 <mclasen@xxxxxxxxxx> - 6.2.0.7-2.fc3

- Update to 6.2.0 to fix a number of security issues:
  #145112 (CAN-2005-05), #151265 (CAN-2005-0397)
- Drop a lot of upstreamed patches

* Fri Mar 11 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 6.0.7.1-5.fc3

- Make writing tiff to stdout work.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command. You may need
to edit your up2date channels configuration.
Within /etc/sysconfig/rhn/sources enable the following line:

yum updates-testing http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/$ARCH

---------------------------------------------------------------------
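
The filename issue listed under Update Information (CAN-2005-0397) is a format string bug. The C sketch below is an added example of that bug class and its fix; it is not ImageMagick code and not part of the original notification, and the helper names format_status and count_directives and the sample file names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (not ImageMagick's API): build a status line for a
 * file name that comes from an untrusted source. */

/* VULNERABLE pattern, kept in a comment so it is never compiled:
 *
 *     snprintf(out, outsz, filename);
 *
 * Here the file name itself is the format string, so any conversion
 * directives inside the name are interpreted by the formatter. */

/* Hardened form: the format is a constant and the name is only data. */
int format_status(char *out, size_t outsz, const char *filename)
{
    return snprintf(out, outsz, "loading: %s", filename);
}

/* Triage check for logs or upload queues: count '%' conversion
 * introducers in a name. "%%" is a literal percent and is not counted;
 * a lone trailing '%' is incomplete and is not counted either. */
size_t count_directives(const char *name)
{
    size_t n = 0;
    for (const char *p = name; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent, skip both characters */
            p++;
            continue;
        }
        if (p[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *names[] = { "holiday.psd", "100%%.psd", "a%n%x.psd" };
    char line[128];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        format_status(line, sizeof line, names[i]);
        printf("%-22s directives=%zu\n", line, count_directives(names[i]));
    }
    return 0;
}
```

With the constant format, a name containing directives is copied through unchanged, while the counter flags such names for review.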