drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in imagemagick
| Name: |
Pufferüberläufe in imagemagick
|
|
| ID: |
RHSA-2004:636-01 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Enterprise Linux |
|
| Datum: |
Do, 9. Dezember 2004, 12:00 |
|
| Referenzen: |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0981 |
|
| Applikationen: |
ImageMagick |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated ImageMagick packages fix security vulnerability
Advisory ID: RHSA-2004:636-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-636.html
Issue date: 2004-12-08
Updated on: 2004-12-08
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0981 CAN-2004-0827
---------------------------------------------------------------------
1. Summary:
Updated ImageMagick packages that fixes a buffer overflow are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
ImageMagick(TM) is an image display and manipulation tool for the X Window
System.
A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with an improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.
David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete. An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.
Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser
130807 - CAN-2004-0827 heap overflow in BMP decoder
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
i386:
49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm
ia64:
9eebb430cc2782bf8779c2b6c1ac9330 ImageMagick-5.3.8-6.ia64.rpm
03597330fda5d808c67f7e9217e6cd99 ImageMagick-c++-5.3.8-6.ia64.rpm
9a2b3cde42826d541dc25cc18b6fef82 ImageMagick-c++-devel-5.3.8-6.ia64.rpm
3ef246ab1ead8e4ac34d5fb600ba6e11 ImageMagick-devel-5.3.8-6.ia64.rpm
0f8b492a2e35876487a18cb34717530f ImageMagick-perl-5.3.8-6.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
ia64:
9eebb430cc2782bf8779c2b6c1ac9330 ImageMagick-5.3.8-6.ia64.rpm
03597330fda5d808c67f7e9217e6cd99 ImageMagick-c++-5.3.8-6.ia64.rpm
9a2b3cde42826d541dc25cc18b6fef82 ImageMagick-c++-devel-5.3.8-6.ia64.rpm
3ef246ab1ead8e4ac34d5fb600ba6e11 ImageMagick-devel-5.3.8-6.ia64.rpm
0f8b492a2e35876487a18cb34717530f ImageMagick-perl-5.3.8-6.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
i386:
49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
i386:
49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386:
9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
ia64:
e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm
ppc:
90facda803fb447e862d754a0f773a24 ImageMagick-5.5.6-7.ppc.rpm
1f7dd0b886fc4dd81f83d203cf125e1c ImageMagick-c++-5.5.6-7.ppc.rpm
1b005351b9db9d7882bfb636d4c31d18 ImageMagick-c++-devel-5.5.6-7.ppc.rpm
a30586353d6bb70020ed3df263f1a497 ImageMagick-devel-5.5.6-7.ppc.rpm
4f2d299fb4fb9831513136d8e56ec8f9 ImageMagick-perl-5.5.6-7.ppc.rpm
s390:
7acdb99fdb3735bec4b5deaffe48638f ImageMagick-5.5.6-7.s390.rpm
744ad5fe4fcdd1931e6a29acf52c126b ImageMagick-c++-5.5.6-7.s390.rpm
cfb51a057018d71a439067395835434d ImageMagick-c++-devel-5.5.6-7.s390.rpm
49aa63d472ea09bb054cd05907941f40 ImageMagick-devel-5.5.6-7.s390.rpm
fb355cd7d24232761a23231c00f9ceef ImageMagick-perl-5.5.6-7.s390.rpm
s390x:
2c986024e9a51e4cef1157260efebc28 ImageMagick-5.5.6-7.s390x.rpm
1be22c2e7138567cd9b37f727e1eb2ad ImageMagick-c++-5.5.6-7.s390x.rpm
557aa610b7be1d2ef6670cada21631de ImageMagick-c++-devel-5.5.6-7.s390x.rpm
74535eac90406854a4d16432b33d9ef2 ImageMagick-devel-5.5.6-7.s390x.rpm
1120d649cfe4b12886a402280fd50b20 ImageMagick-perl-5.5.6-7.s390x.rpm
x86_64:
5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386:
9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
x86_64:
5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386:
9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
ia64:
e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm
x86_64:
5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386:
9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
ia64:
e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm
x86_64:
5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
7. References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBt2QLXlSAg2UNWIIRApVrAJ0dQRiLpspwzrOdBQFIRjmeJopV2wCeNMyc
inITvexd2UtjjdCaN0YJfTg=
=pzpb
-----END PGP SIGNATURE-----
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|
