Fedora Core 2 Test Update: ImageMagick-6.2.0.7-2.fc2

Matthias Clasen mclasen at redhat.com
Sat Mar 19 02:49:27 UTC 2005


Fedora Test Update Notification
FEDORA-2005-234
2005-03-18
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : ImageMagick
Version     : 6.2.0.7
Release     : 2.fc2
Summary     : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

---------------------------------------------------------------------
Update Information:


Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.

A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code on a victim's machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.

A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash.

A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash.

A bug was found in the way ImageMagick parses PSD files. It is possible
that a specially crafted PSD file could cause ImageMagick to crash.

A heap overflow bug was found in ImageMagick's SGI parser. It is
possible that an attacker could execute arbitrary code by tricking a
user into opening a specially crafted SGI image file.

---------------------------------------------------------------------
* Wed Mar 16 2005  <mclasen at redhat.com> - 6.2.0.7-2.fc2
- Update to 6.2.0 to fix a number of security issues:
  #145112 (CAN-2005-05), #151265 (CAN-2005-0397),
  #150313, #150319, #150325, #150329
- Drop a lot of upstreamed patches

---------------------------------------------------------------------
This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may
need to edit your up2date channels configuration.  Within
/etc/sysconfig/rhn/sources enable the following line:
yum updates-testing http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/2/$ARCH
---------------------------------------------------------------------




