drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in imagemagick
Name: |
Pufferüberläufe in imagemagick
|
|
ID: |
RHSA-2004:636-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Do, 9. Dezember 2004, 12:00 |
|
Referenzen: |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0981 |
|
Applikationen: |
ImageMagick |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
--------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Updated ImageMagick packages fix security vulnerability Advisory ID: RHSA-2004:636-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-636.html Issue date: 2004-12-08 Updated on: 2004-12-08 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0981 CAN-2004-0827 ---------------------------------------------------------------------
1. Summary:
Updated ImageMagick packages that fixes a buffer overflow are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
ImageMagick(TM) is an image display and manipulation tool for the X Window System.
A buffer overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted image file with an improper EXIF information in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to this issue.
David Eisenstein has reported that our previous fix for CAN-2004-0827, a heap overflow flaw, was incomplete. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue.
Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser 130807 - CAN-2004-0827 heap overflow in BMP decoder
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ImageMagick-5.3.8-6.src.rpm 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
i386: 49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm 4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm 852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm 5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm
ia64: 9eebb430cc2782bf8779c2b6c1ac9330 ImageMagick-5.3.8-6.ia64.rpm 03597330fda5d808c67f7e9217e6cd99 ImageMagick-c++-5.3.8-6.ia64.rpm 9a2b3cde42826d541dc25cc18b6fef82 ImageMagick-c++-devel-5.3.8-6.ia64.rpm 3ef246ab1ead8e4ac34d5fb600ba6e11 ImageMagick-devel-5.3.8-6.ia64.rpm 0f8b492a2e35876487a18cb34717530f ImageMagick-perl-5.3.8-6.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ImageMagick-5.3.8-6.src.rpm 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
ia64: 9eebb430cc2782bf8779c2b6c1ac9330 ImageMagick-5.3.8-6.ia64.rpm 03597330fda5d808c67f7e9217e6cd99 ImageMagick-c++-5.3.8-6.ia64.rpm 9a2b3cde42826d541dc25cc18b6fef82 ImageMagick-c++-devel-5.3.8-6.ia64.rpm 3ef246ab1ead8e4ac34d5fb600ba6e11 ImageMagick-devel-5.3.8-6.ia64.rpm 0f8b492a2e35876487a18cb34717530f ImageMagick-perl-5.3.8-6.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ImageMagick-5.3.8-6.src.rpm 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
i386: 49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm 4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm 852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm 5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ImageMagick-5.3.8-6.src.rpm 04d666060f01521d9fea24742a3f5439 ImageMagick-5.3.8-6.src.rpm
i386: 49dfa73a8b65db1b71604ff7dbed85b8 ImageMagick-5.3.8-6.i386.rpm e1e68b14d6c637bfa9525accb884b4cb ImageMagick-c++-5.3.8-6.i386.rpm 4fda06f1279142275c0e3f1365888590 ImageMagick-c++-devel-5.3.8-6.i386.rpm 852ce90eaa8d702e4e3c0a74b4b8ae7a ImageMagick-devel-5.3.8-6.i386.rpm 5e35ecce0aeb39bcdcab5d307e6a289d ImageMagick-perl-5.3.8-6.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
ia64: e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm 76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm 5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm
ppc: 90facda803fb447e862d754a0f773a24 ImageMagick-5.5.6-7.ppc.rpm 1f7dd0b886fc4dd81f83d203cf125e1c ImageMagick-c++-5.5.6-7.ppc.rpm 1b005351b9db9d7882bfb636d4c31d18 ImageMagick-c++-devel-5.5.6-7.ppc.rpm a30586353d6bb70020ed3df263f1a497 ImageMagick-devel-5.5.6-7.ppc.rpm 4f2d299fb4fb9831513136d8e56ec8f9 ImageMagick-perl-5.5.6-7.ppc.rpm
s390: 7acdb99fdb3735bec4b5deaffe48638f ImageMagick-5.5.6-7.s390.rpm 744ad5fe4fcdd1931e6a29acf52c126b ImageMagick-c++-5.5.6-7.s390.rpm cfb51a057018d71a439067395835434d ImageMagick-c++-devel-5.5.6-7.s390.rpm 49aa63d472ea09bb054cd05907941f40 ImageMagick-devel-5.5.6-7.s390.rpm fb355cd7d24232761a23231c00f9ceef ImageMagick-perl-5.5.6-7.s390.rpm
s390x: 2c986024e9a51e4cef1157260efebc28 ImageMagick-5.5.6-7.s390x.rpm 1be22c2e7138567cd9b37f727e1eb2ad ImageMagick-c++-5.5.6-7.s390x.rpm 557aa610b7be1d2ef6670cada21631de ImageMagick-c++-devel-5.5.6-7.s390x.rpm 74535eac90406854a4d16432b33d9ef2 ImageMagick-devel-5.5.6-7.s390x.rpm 1120d649cfe4b12886a402280fd50b20 ImageMagick-perl-5.5.6-7.s390x.rpm
x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: ImageMagick-5.5.6-7.src.rpm 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
ia64: e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm 76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm 5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm
x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm 0eca5e4139fabef268b8b94405406037 ImageMagick-5.5.6-7.src.rpm
i386: 9647bd23372123be8453f3ea2411b9d9 ImageMagick-5.5.6-7.i386.rpm 7b8262f374a5af5e62f0d6a0e7f4f45b ImageMagick-c++-5.5.6-7.i386.rpm 15459e343c4a2bb2e651a16ae52a215c ImageMagick-c++-devel-5.5.6-7.i386.rpm e8ba073973164c5cb145ea3bbdca6f21 ImageMagick-devel-5.5.6-7.i386.rpm 1b048cef4ad7d7f80fe6b174304efd2f ImageMagick-perl-5.5.6-7.i386.rpm
ia64: e9d6b12d49f82587079d8630288d5c21 ImageMagick-5.5.6-7.ia64.rpm 76c2730209f2a419d77dcc6228bce775 ImageMagick-c++-5.5.6-7.ia64.rpm ad56120694232886525cf73e78059d70 ImageMagick-c++-devel-5.5.6-7.ia64.rpm 5540e68ca6ad478f0c06747e0b0af6a9 ImageMagick-devel-5.5.6-7.ia64.rpm f5d26f006e80d29379611fe429a057a5 ImageMagick-perl-5.5.6-7.ia64.rpm
x86_64: 5dca93db805a70a5e5c63e9ad8799924 ImageMagick-5.5.6-7.x86_64.rpm f57f942a8ed19d997f92767028a66fad ImageMagick-c++-5.5.6-7.x86_64.rpm c17c17e26cf6320885fb4b49a48d8d00 ImageMagick-c++-devel-5.5.6-7.x86_64.rpm 9c7bc81a718108e2e848f0cb04223492 ImageMagick-devel-5.5.6-7.x86_64.rpm 66699a74e16e141df285f25146da7a43 ImageMagick-perl-5.5.6-7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package
7. References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBt2QLXlSAg2UNWIIRApVrAJ0dQRiLpspwzrOdBQFIRjmeJopV2wCeNMyc inITvexd2UtjjdCaN0YJfTg= =pzpb -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|