Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in ImageMagick
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in ImageMagick
ID: TLSA-2005-75
Distribution: TurboLinux
Plattformen: Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
Datum: Sa, 3. September 2005, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1739
Applikationen: ImageMagick

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-75
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 06 Jul 2005
Last revised: 03 Aug 2005

Package: ImageMagick

Summary: Two vulnerabilities discovered ImageMagick

More information:
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and
Photo CD image file formats.

- A Heap-based buffer overflow vulnerability exists in ImageMagick.
- ImageMagick may allow attackers to cause a denial of service (infinite
loop).

Impact:
These vulerabilities may allow remote attackers to execute arbitrary code,
and/or allow attackers to cause a denial of service via malformed PNM, XWD
image files.

Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation

Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server]
# turbopkg
or
# zabom -u ImageMagick ImageMagick-c++ ImageMagick-devel ImageMagick-perl

[Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home,
Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u ImageMagick ImageMagick-devel

[Turbolinux 8 Server]
# turbopkg
or
# zabom update ImageMagick ImageMagick-c++ ImageMagick-devel ImageMagick-perl

[other]
# turbopkg
or
# zabom update ImageMagick ImageMagick-devel
---------------------------------------------


<Turbolinux 10 Server>

Source Packages
Size: MD5

ImageMagick-6.0.5-8.src.rpm
7514308 e9daa3af8ee537f4d869b5ecef554173

Binary Packages
Size: MD5

ImageMagick-6.0.5-8.i586.rpm
4363655 73906b405c975b14cf56c67831f40c7b
ImageMagick-c++-6.0.5-8.i586.rpm
306773 78871191ce61eadd63cfea6bf3475aa2
ImageMagick-devel-6.0.5-8.i586.rpm
785882 3aa060ebed655429490e47820288bf4e
ImageMagick-perl-6.0.5-8.i586.rpm
74122 5b2c25cdbab5daa33f6899ac981d1ac2

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

ImageMagick-6.0.5-8.src.rpm
7514308 56d51b61bd67ffa460410c597d144093

Binary Packages
Size: MD5

ImageMagick-6.0.5-8.i586.rpm
4370553 a59cbd05249fa783044411b05347c822
ImageMagick-devel-6.0.5-8.i586.rpm
784769 6708f39694bac1ec0cc560858a8731a5

<Turbolinux 8 Server>

Source Packages
Size: MD5

ImageMagick-5.4.7-6.src.rpm
3619144 e40f0006350c77462cee8ae7b853679b

Binary Packages
Size: MD5

ImageMagick-5.4.7-6.i586.rpm
3208246 17be28c277b6c3efb136f3da462b9a0d
ImageMagick-c++-5.4.7-6.i586.rpm
1392389 a6536c2ae9a9ffc715b3a469abd126c1
ImageMagick-devel-5.4.7-6.i586.rpm
856126 3f56e9ed747e421ac77124775e4511f1
ImageMagick-perl-5.4.7-6.i586.rpm
60501 ac1980662ac21fc0846e8aefa36009d3

<Turbolinux 8 Workstation>

Source Packages
Size: MD5

ImageMagick-5.4.3-5.src.rpm
3668382 f6fc9d829ef472fe7ceb1b9fd17faab3

Binary Packages
Size: MD5

ImageMagick-5.4.3-5.i586.rpm
3668836 2ce973bd884111f9fcf1a54309edb555
ImageMagick-devel-5.4.3-5.i586.rpm
971691 4571ab2d93ab08e69cebcb03c097b8e2

<Turbolinux 7 Server>

Source Packages
Size: MD5

ImageMagick-5.3.3-6.src.rpm
3660398 938024c85b07e0bea80009aca098124e

Binary Packages
Size: MD5

ImageMagick-5.3.3-6.i586.rpm
3039351 dfcf3c844a75160469dca07cb3de23c3
ImageMagick-devel-5.3.3-6.i586.rpm
1266831 bff89b098bded2efbf8c7f2b3fce8aae

<Turbolinux 7 Workstation>

Source Packages
Size: MD5

ImageMagick-5.3.3-6.src.rpm
3660398 3f319af8bac1b18a5584214d44a32ae6

Binary Packages
Size: MD5

ImageMagick-5.3.3-6.i586.rpm
3039165 77d4619d3f539729aaec31238ab5d689
ImageMagick-devel-5.3.3-6.i586.rpm
1267652 bd1f521546b40202e7c49b421082e1f5


References:

CVE
[CAN-2005-1275]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1275
[CAN-2005-1739]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1739

--------------------------------------------------------------------------
Revision History
06 Jul 2005 Initial release
03 Aug 2005 Added Turbolinux Multimedia, Turbolinux Personal to
"Affected Products"
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC8G6SK0LzjOqIJMwRAiaeAJ9yPSqYlvqjbgLWaDkAu4YBeaRX8ACglcsq
dYeaz+MVSMl1MUJhkaywl+8=
=i/E3
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung