drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in imagemagick
Name: |
Pufferüberlauf in imagemagick
|
|
ID: |
RHSA-2005:320-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mi, 23. März 2005, 12:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0397 |
|
Applikationen: |
ImageMagick |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
--------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Moderate: ImageMagick security update Advisory ID: RHSA-2005:320-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-320.html Issue date: 2005-03-23 Updated on: 2005-03-23 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0397 ---------------------------------------------------------------------
1. Summary:
Updated ImageMagick packages that fix a format string bug are now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
ImageMagick(TM) is an image display and manipulation tool for the X Window System which can read and write multiple image formats.
A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.
Additionally, a bug was fixed which caused ImageMagick(TM) to occasionally segfault when writing TIFF images to standard output.
Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
142045 - Segmentation fault on conversion to TIFF (possible libtiff bug) 150185 - CAN-2005-0397 ImageMagick format string flaw
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: ImageMagick-6.0.7.1-10.src.rpm 983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm
i386: c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm 703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm 2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm 6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm
ia64: 001bda657397f288044e64e0bc05b70b ImageMagick-6.0.7.1-10.ia64.rpm 7d931c803bc50137ce838b4abcbd2429 ImageMagick-c++-6.0.7.1-10.ia64.rpm 4a305e0d3d43b5c4819577d52cb3665b ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm 2a86fc9da66f0e6d0e96b3069ca2a657 ImageMagick-devel-6.0.7.1-10.ia64.rpm a2604e4a1e0e05077e4710a73beeb4c0 ImageMagick-perl-6.0.7.1-10.ia64.rpm
ppc: 12be580ec878b85766fb395b12594ef3 ImageMagick-6.0.7.1-10.ppc.rpm 0231e95c9d3d20a4ec33bb840f6b95c0 ImageMagick-c++-6.0.7.1-10.ppc.rpm 73d33cc0070d616f04fcc30dddf98db7 ImageMagick-c++-devel-6.0.7.1-10.ppc.rpm 0775ecaf973f9985e195d7d088e3a342 ImageMagick-devel-6.0.7.1-10.ppc.rpm e59efdba147068fdec313afef97dcb5b ImageMagick-perl-6.0.7.1-10.ppc.rpm
s390: dcbb2aedbc432f9291314079a4c2ff7d ImageMagick-6.0.7.1-10.s390.rpm 4745e6e2e665afbc7b1cac91cddbbc9d ImageMagick-c++-6.0.7.1-10.s390.rpm 2c4f816ab3892f6914986b2217e2c73e ImageMagick-c++-devel-6.0.7.1-10.s390.rpm 67adaba9d191ede734f758aec0cd9b5c ImageMagick-devel-6.0.7.1-10.s390.rpm 2a9a4922e589877e70e2c2e918b05b0f ImageMagick-perl-6.0.7.1-10.s390.rpm
s390x: 6dea39358712b8575da76e27ff671924 ImageMagick-6.0.7.1-10.s390x.rpm 7e6df039cba4a3cf7fbf5b550dd7a4d1 ImageMagick-c++-6.0.7.1-10.s390x.rpm 87f2a92001e88334cf6f55e82e54529a ImageMagick-c++-devel-6.0.7.1-10.s390x.rpm 377ad1d4145efd9ae1556f7498564d4d ImageMagick-devel-6.0.7.1-10.s390x.rpm b55a7bf0fe172df9936f3628722fc14e ImageMagick-perl-6.0.7.1-10.s390x.rpm
x86_64: 672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm 409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm 70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: ImageMagick-6.0.7.1-10.src.rpm 983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm
i386: c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm 703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm 2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm 6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm
x86_64: 672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm 409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm 70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ImageMagick-6.0.7.1-10.src.rpm 983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm
i386: c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm 703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm 2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm 6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm
ia64: 001bda657397f288044e64e0bc05b70b ImageMagick-6.0.7.1-10.ia64.rpm 7d931c803bc50137ce838b4abcbd2429 ImageMagick-c++-6.0.7.1-10.ia64.rpm 4a305e0d3d43b5c4819577d52cb3665b ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm 2a86fc9da66f0e6d0e96b3069ca2a657 ImageMagick-devel-6.0.7.1-10.ia64.rpm a2604e4a1e0e05077e4710a73beeb4c0 ImageMagick-perl-6.0.7.1-10.ia64.rpm
x86_64: 672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm 409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm 70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ImageMagick-6.0.7.1-10.src.rpm 983a85a6a04cd419b211542237f624fd ImageMagick-6.0.7.1-10.src.rpm
i386: c49a75c5604dc6c91dd7644d5f8f1317 ImageMagick-6.0.7.1-10.i386.rpm 703a14542bc4d191d1e8e4eabdb12c7f ImageMagick-c++-6.0.7.1-10.i386.rpm 2f7c6aaff730080c5df1a0e5a81fd4c7 ImageMagick-c++-devel-6.0.7.1-10.i386.rpm c2b40c33bdc90235538bc40e14b293f9 ImageMagick-devel-6.0.7.1-10.i386.rpm 6f8508bdf55102434b3d734e66a0e8f3 ImageMagick-perl-6.0.7.1-10.i386.rpm
ia64: 001bda657397f288044e64e0bc05b70b ImageMagick-6.0.7.1-10.ia64.rpm 7d931c803bc50137ce838b4abcbd2429 ImageMagick-c++-6.0.7.1-10.ia64.rpm 4a305e0d3d43b5c4819577d52cb3665b ImageMagick-c++-devel-6.0.7.1-10.ia64.rpm 2a86fc9da66f0e6d0e96b3069ca2a657 ImageMagick-devel-6.0.7.1-10.ia64.rpm a2604e4a1e0e05077e4710a73beeb4c0 ImageMagick-perl-6.0.7.1-10.ia64.rpm
x86_64: 672a0fe5f9ba36d3a5398262a2ab4339 ImageMagick-6.0.7.1-10.x86_64.rpm 409c209e120fa43e39c33cacda54c917 ImageMagick-c++-6.0.7.1-10.x86_64.rpm 70aaee17027423dcc49895e31889741f ImageMagick-c++-devel-6.0.7.1-10.x86_64.rpm db06e770f7f2b943a0ec9a368adc5fa9 ImageMagick-devel-6.0.7.1-10.x86_64.rpm c144f3cbc8398fda48fac46e2faadeb7 ImageMagick-perl-6.0.7.1-10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0397
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCQUDmXlSAg2UNWIIRAg8ZAKCffK5dfZ0jV36Vckkj9aZBlRp5mwCgoY1V /E7+3tpNFs312jjL2izBqmQ= =+tXl -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|