[UPDATED] Fedora Legacy Test Update Notification: ImageMagick

Marc Deslauriers marcdeslauriers at videotron.ca
Mon Jul 11 21:40:29 UTC 2005


These packages were updated to resolve a missing perl dependency.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152777
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152777
2005-07-11
---------------------------------------------------------------------

Name        : ImageMagick
Versions    : rh73: ImageMagick-5.4.3.11-12.7.x.legacy
Versions    : rh9: ImageMagick-5.4.7-18.legacy
Versions    : fc1: ImageMagick-5.5.6-13.legacy
Versions    : fc2: ImageMagick-6.2.0.7-2.fc2.4.legacy
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

---------------------------------------------------------------------
Update Information:

Updated ImageMagick packages that fix multiple security vulnerabilities
are now available.

ImageMagick(TM) is an image display and manipulation tool for the X
Window System.

A temporary file handling bug has been found in ImageMagick's libmagick
library. A local user could overwrite or create files as a different
user if a program was linked with the vulnerable library. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0455 to this issue.

A heap overflow flaw has been discovered in the ImageMagick image
handler. An attacker could create a carefully crafted BMP file in such
a way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0827 to this issue.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with improper
EXIF information in such a way that it would cause ImageMagick to
execute arbitrary code when processing the image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0981 to this issue.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code on a victim's machine if they
were able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0759 to this issue.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0760 to this issue.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0761 to this issue.

A heap overflow bug was found in ImageMagick's SGI parser. It is
possible that an attacker could execute arbitrary code by tricking a
user into opening a specially crafted SGI image file. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0762 to this issue.

A heap based buffer overflow bug was found in the way ImageMagick parses
PNM files. An attacker could execute arbitrary code on a victim's
machine if they were able to trick the victim into opening a specially
crafted PNM file. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1275 to this issue.

A denial of service bug was found in the way ImageMagick parses XWD
files. A user or program executing ImageMagick to process a malicious
XWD file can cause ImageMagick to enter an infinite loop causing a
denial of service condition. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-1739 to this
issue.

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches, and are not vulnerable to these issues.
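
One way to check whether a host already carries the fixed builds listed under Versions above. This is an added example, not part of the original notification; the names FIXED, vercmp, is_fixed and vulnerable_hosts and the sample inventory are made up here, and the comparison is a simplified form of rpm's version ordering.

```python
import re

# Fixed builds from the "Versions" lines of this notification: (version, release).
FIXED = {
    "rh73": ("5.4.3.11", "12.7.x.legacy"),
    "rh9": ("5.4.7", "18.legacy"),
    "fc1": ("5.5.6", "13.legacy"),
    "fc2": ("6.2.0.7", "2.fc2.4.legacy"),
}

def vercmp(a, b):
    """Compare two version or release strings the way rpm orders them.

    Simplified: no epoch and no '~' or '^' handling. Returns -1, 0 or 1.
    """
    # rpm compares runs of digits and runs of letters; everything else separates.
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = int(x), int(y)  # 9 < 12, unlike the string comparison "9" > "12"
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments are newer

def is_fixed(dist, nvr):
    # nvr: name-version-release, as printed by
    #   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' ImageMagick
    _name, version, release = nvr.rsplit("-", 2)
    fixed_version, fixed_release = FIXED[dist]
    return (vercmp(version, fixed_version) or vercmp(release, fixed_release)) >= 0

def vulnerable_hosts(inventory):
    """Return hosts whose installed build is older than the fixed one."""
    return [host for host, dist, nvr in inventory if not is_fixed(dist, nvr)]

# Constructed inventory (hypothetical host names; builds chosen for illustration).
SAMPLE = [
    ("web1", "rh73", "ImageMagick-5.4.3.11-9.7.x.legacy"),
    ("web2", "rh9", "ImageMagick-5.4.7-18.legacy"),
    ("build1", "fc1", "ImageMagick-perl-5.5.6-13.legacy"),
    ("desk1", "fc2", "ImageMagick-6.2.0.7-2.fc2.1.legacy"),
]

if __name__ == "__main__":
    print(vulnerable_hosts(SAMPLE))
```

The ordering only shows that a build is at or past the fixed release from this channel; a higher upstream version from another source is not thereby known to contain the backported patches.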

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Jul 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-12.7.x.legacy
- Rebuilt to get perl dependencies right

* Fri Jun 17 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-11.7.x.legacy
- Added missing libtool, libxml2-devel, XFree86-libs, ghostscript
  and XFree86-devel to BuildRequires

* Thu Jun 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-10.7.x.legacy
- Added patch for CAN-2005-1739

* Fri May 06 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-9.7.x.legacy
- Added patches for CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 and
CAN-2005-0762
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-8.7.x.legacy
- Added better patch for CAN-2005-0005

* Tue Mar 01 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-7.7.x.legacy
- Added patches for CAN-2005-0005 and CAN-2005-0397
- Added htmlview to Requires

* Wed Nov 24 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.3.11-6.7.x.legacy
- added better patch for CAN-2003-0455 (Michal Jaegermann)

* Fri Nov 05 2004 Martin Siegert <siegert at sfu.ca> 5.4.3.11-5.7.x.legacy
- set BrowseDelegate=htmlview

* Thu Nov 04 2004 Martin Siegert <siegert at sfu.ca> 5.4.3.11-4.7.x.legacy
- include patch for CAN-2003-0455 from RHEL ImageMagick-5.3.8-5
- include patch for CAN-2004-0827
- include patch for CAN-2004-0981 from Debian (bug #278401)

rh9:
* Sun Jul 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-18.legacy
- Rebuilt to get perl dependencies fixed

* Fri Jun 17 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-17.legacy
- Added missing libtool, XFree86-devel, XFree86-libs, ghostscript
  and libxml2-devel BuildRequires

* Thu Jun 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-16.legacy
- Added patch for CAN-2005-1739

* Sat May 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-15.legacy
- Added patches for CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 and
CAN-2005-0762
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-14.legacy
- Added a better patch for CAN-2005-0005

* Wed Mar 02 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-13.legacy
- Added patches for CAN-2005-0005 and CAN-2005-0397

* Wed Nov 24 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-12.legacy
- Added better security patch for CAN-2004-0827 (heap overflow in BMP,
AVI, DIB)
- Added security patch for CAN-2003-0455 (temporary file vulnerability)
- Added security patch for CAN-2004-0981 (Remote EXIF parsing buffer
overflow)

* Sun Sep 12 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.4.7-11.legacy
- Added security patch for CAN-2004-0827

fc1:
* Sun Jul 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.5.6-13.legacy
- Rebuilt to get perl dependencies fixed

* Fri Jun 17 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.5.6-12.legacy
- Added missing libtool, libxml2-devel, XFree86-devel
  and ghostscript to BuildRequires

* Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.5.6-11.legacy
- Added patch for CAN-2005-1739

* Sat May 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.5.6-10.legacy
- Added patches for CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 and
CAN-2005-0762
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.5.6-9.legacy
- Added better patch for CAN-2005-0005

* Wed Mar 02 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.5.6-8.legacy
- Added patches for CAN-2005-0005 and CAN-2005-0397

* Sat Nov 13 2004 David Eisenstein <deisenst at gtw.net> 5.5.6-7-fc1
- add patch #8 for RedHat Bugzilla #112396, Postscript delegate
- patch # 9, CAN-2004-0827 heap overflow in BMP, AVI, DIB decoders
- patch #10, CAN-2004-0981 Remote EXIF parsing buffer overflow
- Above two patches address Fedora Legacy Bugzilla # 2052

fc2:
* Sun Jul 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
6.2.0.7-2.fc2.4.legacy
- Rebuilt to get perl dependencies fixed

* Sat Jun 18 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
6.2.0.7-2.fc2.3.legacy
- Added missing XFree86-devel, libxml2-devel, ghostscript to BuildRequires

* Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
6.2.0.7-2.fc2.2.legacy
- Added patch to fix CAN-2005-1739

* Sat May 07 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
6.2.0.7-2.fc2.1.legacy
- Added patch to fix a PNM heap overflow (CAN-2005-1275)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.