__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
ImageMagick Security Update
[Red Hat RHSA-2006:0633-5]
August 24, 2006 17:00 GMT Number Q-295
[REVISED 5 Sept 2006]
[REVISED 20 Nov 2006]
______________________________________________________________________________
PROBLEM: There are several integer and buffer overflow flaws in the way
ImageMagick decodes XCF, SGI, and Sun bitmap graphic files.
PLATFORM: Red Hat Desktop (v. 3 & v. 4)
Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, & v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
Debian GNU/Linux 3.1 alias sarge
DAMAGE: An attacker could execute arbitrary code on a victim's machine
if they were able to trick the victim into opening a specially
crafted image file.
SOLUTION: Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY The risk is MEDIUM. An attacker could execute arbitrary code on
ASSESSMENT: a victim's machine if they were able to trick the victim into
opening a specially crafted image file.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-295.shtml
ORIGINAL BULLETIN: Red Hat RHSA-2006:0633-5
https://rhn.redhat.com/errata/RHSA-2006-0633.html
ADDITIONAL LINKS: Debian Security Advisory DSA-1168-1
http://www.debian.org/security/2006/dsa-1168
Debian Security Advisory DSA-1207-2
http://www.debian.org/security/2006/dsa-1207
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CVE-2006-3743 CVE-2006-3744 CVE-2006-4144
______________________________________________________________________________
REVISION HISTORY:
09/05/2006 - revised to add a link to Debian Security Advisory DSA-1168-1
for Debian GNU/Linux 3.1 alias sarge.
11/20/2006 - revised to add a link to Debian Security Advisory DSA-1213-1
for Debian GNU/Linux 3.1 alias sarge.
[***** Start Red Hat RHSA-2006:0633-5 *****]
Moderate: ImageMagick security update
Advisory: RHSA-2006:0633-5
Type: Security Advisory
Issued on: 2006-08-24
Last updated on: 2006-08-24
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-3743
CVE-2006-3744
CVE-2006-4144
Details
Updated ImageMagick packages that fix several security issues are now
available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
Tavis Ormandy discovered several integer and buffer overflow flaws in the
way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker
could execute arbitrary code on a victim's machine if they were able to
trick the victim into opening a specially crafted image file.
(CVE-2006-3743, CVE-2006-3744, CVE-2006-4144)
Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Updated packages
Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.5.6-20.src.rpm 24624ca0eb3a0775c26116623e23e1ae
IA-32:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-devel-5.5.6-20.i386.rpm 979b22849f5ad735b9cdd460a7c7e636
ImageMagick-devel-5.5.6-20.i386.rpm 88e8126099e8db71729336dd9af2e204
ImageMagick-perl-5.5.6-20.i386.rpm ecced6d469a8c90d48464b539aa75227
x86_64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.x86_64.rpm bbc0198fadc4439f255901b3a86a8405
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.x86_64.rpm c8cd2bfe49a31c4f91cb3d004b4b2e87
ImageMagick-c++-devel-5.5.6-20.x86_64.rpm 8ef8d2669889e83493db561cebf94108
ImageMagick-devel-5.5.6-20.x86_64.rpm 7cf9221f54d04b3033e95079dc0db2dd
ImageMagick-perl-5.5.6-20.x86_64.rpm 361f3f9b5792a118a0ce96caedd0ac55
Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-6.0.7.1-16.src.rpm f59c64663d42e2d1fe6d6b7cfac374a5
IA-32:
ImageMagick-6.0.7.1-16.i386.rpm 9ce6677bc26a601454b0c61b2ab965b0
ImageMagick-c++-6.0.7.1-16.i386.rpm 1408abb6ca9cc9295638680548757bc3
ImageMagick-c++-devel-6.0.7.1-16.i386.rpm 1a7b7832059d68c4931aaaea676b0be5
ImageMagick-devel-6.0.7.1-16.i386.rpm 0e862f8aa201d0e66970bc956ddc0e96
ImageMagick-perl-6.0.7.1-16.i386.rpm a467957518b170445e0df04685559ca4
x86_64:
ImageMagick-6.0.7.1-16.x86_64.rpm 1c428f689f50d0a08685a63664837f3f
ImageMagick-c++-6.0.7.1-16.x86_64.rpm 5efa19e9c0cf69a969ed18c5129850cf
ImageMagick-c++-devel-6.0.7.1-16.x86_64.rpm 8aa669fb7b7c53531bb5ba36732b30fd
ImageMagick-devel-6.0.7.1-16.x86_64.rpm ebc6cfa2e54293e5eaa5cf32f0cc9830
ImageMagick-perl-6.0.7.1-16.x86_64.rpm 4be4589c315cf057b4792de5b32991ac
Red Hat Enterprise Linux AS (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.3.8-16.src.rpm 95c4b8a3a13a03b92e7731c1869ffd80
IA-32:
ImageMagick-5.3.8-16.i386.rpm 1ea6a08bc5450e64efdae7178b4025d8
ImageMagick-c++-5.3.8-16.i386.rpm 69a30f7f38ffe810f918ef62ad80cf3a
ImageMagick-c++-devel-5.3.8-16.i386.rpm 3c8c8f5281c953d4a8a0b5dc6102874b
ImageMagick-devel-5.3.8-16.i386.rpm 52e9b08e9c873cf6f2c822eeb077f7dc
ImageMagick-perl-5.3.8-16.i386.rpm 702dc419b9abce1d0c95d00790e9f0d4
IA-64:
ImageMagick-5.3.8-16.ia64.rpm 397fdbc18c18676572bbd08b7b553ef7
ImageMagick-c++-5.3.8-16.ia64.rpm de51019600457d16a9f1c2aada788f82
ImageMagick-c++-devel-5.3.8-16.ia64.rpm 83609c183e34f11bf57b5a9a3758b90a
ImageMagick-devel-5.3.8-16.ia64.rpm e2b208ef6333a5a6432e41d8412c935e
ImageMagick-perl-5.3.8-16.ia64.rpm af83cc3860d24179a71c5b6bec51a5ba
Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.5.6-20.src.rpm 24624ca0eb3a0775c26116623e23e1ae
IA-32:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-devel-5.5.6-20.i386.rpm 979b22849f5ad735b9cdd460a7c7e636
ImageMagick-devel-5.5.6-20.i386.rpm 88e8126099e8db71729336dd9af2e204
ImageMagick-perl-5.5.6-20.i386.rpm ecced6d469a8c90d48464b539aa75227
IA-64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.ia64.rpm 160ffd693dcda93446f0761e93f87f89
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.ia64.rpm 4a2f448ceb5399fc790b9fb78b89044b
ImageMagick-c++-devel-5.5.6-20.ia64.rpm 7b160d9c17f69e34fdd8e68c1a263584
ImageMagick-devel-5.5.6-20.ia64.rpm 3be3bb9d2589e21ceb8c548335213641
ImageMagick-perl-5.5.6-20.ia64.rpm 9c87d7a86b6e8ff6f60ccacaa874f8d6
PPC:
ImageMagick-5.5.6-20.ppc.rpm 5dd343a64e1ee0940efb6bb7a53726fc
ImageMagick-5.5.6-20.ppc64.rpm c95bd3568019802d1585747f0393b62f
ImageMagick-c++-5.5.6-20.ppc.rpm 05c16fdb9dbb529b6d8e8005faca65df
ImageMagick-c++-5.5.6-20.ppc64.rpm 371d3600959f6d4924c813916a08b748
ImageMagick-c++-devel-5.5.6-20.ppc.rpm dcf5ede30b2d305a2acec1c39ef509f9
ImageMagick-devel-5.5.6-20.ppc.rpm 12eb5eda512a200dc63d82a2f3d42f53
ImageMagick-perl-5.5.6-20.ppc.rpm d979b4a29bad733dd9f0d8fe7135bf28
s390:
ImageMagick-5.5.6-20.s390.rpm ee010a4baae9c8ec95ab3c720034a2e3
ImageMagick-c++-5.5.6-20.s390.rpm 11d78448026b7be7163fe83556de24a5
ImageMagick-c++-devel-5.5.6-20.s390.rpm 51cddfd11bc0a0a73e29a77bfeeffb67
ImageMagick-devel-5.5.6-20.s390.rpm 0bfcd98d989c09b3a75c8b8a52d76a9b
ImageMagick-perl-5.5.6-20.s390.rpm 8a4fda0c318b490ac83a3258e8d66318
s390x:
ImageMagick-5.5.6-20.s390.rpm ee010a4baae9c8ec95ab3c720034a2e3
ImageMagick-5.5.6-20.s390x.rpm c49ee6e2d994da23f7ddd16da2b6bcbf
ImageMagick-c++-5.5.6-20.s390.rpm 11d78448026b7be7163fe83556de24a5
ImageMagick-c++-5.5.6-20.s390x.rpm 02d642304740614222695d924db94372
ImageMagick-c++-devel-5.5.6-20.s390x.rpm f23d766a1b16405708220b3fdbb2d95b
ImageMagick-devel-5.5.6-20.s390x.rpm 896aa876329c9220f9dfb4d36772eff9
ImageMagick-perl-5.5.6-20.s390x.rpm 431bed3e2960efe433a51e1ec98bf979
x86_64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.x86_64.rpm bbc0198fadc4439f255901b3a86a8405
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.x86_64.rpm c8cd2bfe49a31c4f91cb3d004b4b2e87
ImageMagick-c++-devel-5.5.6-20.x86_64.rpm 8ef8d2669889e83493db561cebf94108
ImageMagick-devel-5.5.6-20.x86_64.rpm 7cf9221f54d04b3033e95079dc0db2dd
ImageMagick-perl-5.5.6-20.x86_64.rpm 361f3f9b5792a118a0ce96caedd0ac55
Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-6.0.7.1-16.src.rpm f59c64663d42e2d1fe6d6b7cfac374a5
IA-32:
ImageMagick-6.0.7.1-16.i386.rpm 9ce6677bc26a601454b0c61b2ab965b0
ImageMagick-c++-6.0.7.1-16.i386.rpm 1408abb6ca9cc9295638680548757bc3
ImageMagick-c++-devel-6.0.7.1-16.i386.rpm 1a7b7832059d68c4931aaaea676b0be5
ImageMagick-devel-6.0.7.1-16.i386.rpm 0e862f8aa201d0e66970bc956ddc0e96
ImageMagick-perl-6.0.7.1-16.i386.rpm a467957518b170445e0df04685559ca4
IA-64:
ImageMagick-6.0.7.1-16.ia64.rpm 6bbc6e4403a39ca153546238d8db5e57
ImageMagick-c++-6.0.7.1-16.ia64.rpm ffe66d720a1687ce09a44695f2d33cb8
ImageMagick-c++-devel-6.0.7.1-16.ia64.rpm 7b935504fdfe944a0281aabba2296192
ImageMagick-devel-6.0.7.1-16.ia64.rpm bd6f922c63271dd34738f3315fbe80d5
ImageMagick-perl-6.0.7.1-16.ia64.rpm 60c9a103a7f6398eb0f2f120a9e0cd36
PPC:
ImageMagick-6.0.7.1-16.ppc.rpm 1fa7978f53c957401b1fb4e305597eb6
ImageMagick-c++-6.0.7.1-16.ppc.rpm 21f396eef95a83b401db4dd1b2f2f5ab
ImageMagick-c++-devel-6.0.7.1-16.ppc.rpm 6d4d00a765a635cc9ee46bf786806ef4
ImageMagick-devel-6.0.7.1-16.ppc.rpm 575e11a7b0d03a615cba7813a4b2eab3
ImageMagick-perl-6.0.7.1-16.ppc.rpm 65ed655b2067c607b1c3888cc587da5b
s390:
ImageMagick-6.0.7.1-16.s390.rpm 90fccabcb6e6d6fde15b58f5f5c86bbe
ImageMagick-c++-6.0.7.1-16.s390.rpm 3eed19ca930c354f2c478abd18d440f5
ImageMagick-c++-devel-6.0.7.1-16.s390.rpm 49995b3fad116ae795ce7b57decd0390
ImageMagick-devel-6.0.7.1-16.s390.rpm 981cffbbdd43b5bc44a7ad97cb3f8c95
ImageMagick-perl-6.0.7.1-16.s390.rpm 32d842feb9edbb703306483668b2dac1
s390x:
ImageMagick-6.0.7.1-16.s390x.rpm aeda92a53ec7d274700741e0e2afede1
ImageMagick-c++-6.0.7.1-16.s390x.rpm 750fe3a655f8d7965a02e7da02d3b4d5
ImageMagick-c++-devel-6.0.7.1-16.s390x.rpm 0837ba3c8cec1c8876c23b67e986f50e
ImageMagick-devel-6.0.7.1-16.s390x.rpm 92c372b91272a692bdbd0bfa61724217
ImageMagick-perl-6.0.7.1-16.s390x.rpm 6bda8ccd64a7f7384e89dd493fa2699c
x86_64:
ImageMagick-6.0.7.1-16.x86_64.rpm 1c428f689f50d0a08685a63664837f3f
ImageMagick-c++-6.0.7.1-16.x86_64.rpm 5efa19e9c0cf69a969ed18c5129850cf
ImageMagick-c++-devel-6.0.7.1-16.x86_64.rpm 8aa669fb7b7c53531bb5ba36732b30fd
ImageMagick-devel-6.0.7.1-16.x86_64.rpm ebc6cfa2e54293e5eaa5cf32f0cc9830
ImageMagick-perl-6.0.7.1-16.x86_64.rpm 4be4589c315cf057b4792de5b32991ac
Red Hat Enterprise Linux ES (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.3.8-16.src.rpm 95c4b8a3a13a03b92e7731c1869ffd80
IA-32:
ImageMagick-5.3.8-16.i386.rpm 1ea6a08bc5450e64efdae7178b4025d8
ImageMagick-c++-5.3.8-16.i386.rpm 69a30f7f38ffe810f918ef62ad80cf3a
ImageMagick-c++-devel-5.3.8-16.i386.rpm 3c8c8f5281c953d4a8a0b5dc6102874b
ImageMagick-devel-5.3.8-16.i386.rpm 52e9b08e9c873cf6f2c822eeb077f7dc
ImageMagick-perl-5.3.8-16.i386.rpm 702dc419b9abce1d0c95d00790e9f0d4
Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.5.6-20.src.rpm 24624ca0eb3a0775c26116623e23e1ae
IA-32:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-devel-5.5.6-20.i386.rpm 979b22849f5ad735b9cdd460a7c7e636
ImageMagick-devel-5.5.6-20.i386.rpm 88e8126099e8db71729336dd9af2e204
ImageMagick-perl-5.5.6-20.i386.rpm ecced6d469a8c90d48464b539aa75227
IA-64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.ia64.rpm 160ffd693dcda93446f0761e93f87f89
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.ia64.rpm 4a2f448ceb5399fc790b9fb78b89044b
ImageMagick-c++-devel-5.5.6-20.ia64.rpm 7b160d9c17f69e34fdd8e68c1a263584
ImageMagick-devel-5.5.6-20.ia64.rpm 3be3bb9d2589e21ceb8c548335213641
ImageMagick-perl-5.5.6-20.ia64.rpm 9c87d7a86b6e8ff6f60ccacaa874f8d6
x86_64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.x86_64.rpm bbc0198fadc4439f255901b3a86a8405
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.x86_64.rpm c8cd2bfe49a31c4f91cb3d004b4b2e87
ImageMagick-c++-devel-5.5.6-20.x86_64.rpm 8ef8d2669889e83493db561cebf94108
ImageMagick-devel-5.5.6-20.x86_64.rpm 7cf9221f54d04b3033e95079dc0db2dd
ImageMagick-perl-5.5.6-20.x86_64.rpm 361f3f9b5792a118a0ce96caedd0ac55
Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-6.0.7.1-16.src.rpm f59c64663d42e2d1fe6d6b7cfac374a5
IA-32:
ImageMagick-6.0.7.1-16.i386.rpm 9ce6677bc26a601454b0c61b2ab965b0
ImageMagick-c++-6.0.7.1-16.i386.rpm 1408abb6ca9cc9295638680548757bc3
ImageMagick-c++-devel-6.0.7.1-16.i386.rpm 1a7b7832059d68c4931aaaea676b0be5
ImageMagick-devel-6.0.7.1-16.i386.rpm 0e862f8aa201d0e66970bc956ddc0e96
ImageMagick-perl-6.0.7.1-16.i386.rpm a467957518b170445e0df04685559ca4
IA-64:
ImageMagick-6.0.7.1-16.ia64.rpm 6bbc6e4403a39ca153546238d8db5e57
ImageMagick-c++-6.0.7.1-16.ia64.rpm ffe66d720a1687ce09a44695f2d33cb8
ImageMagick-c++-devel-6.0.7.1-16.ia64.rpm 7b935504fdfe944a0281aabba2296192
ImageMagick-devel-6.0.7.1-16.ia64.rpm bd6f922c63271dd34738f3315fbe80d5
ImageMagick-perl-6.0.7.1-16.ia64.rpm 60c9a103a7f6398eb0f2f120a9e0cd36
x86_64:
ImageMagick-6.0.7.1-16.x86_64.rpm 1c428f689f50d0a08685a63664837f3f
ImageMagick-c++-6.0.7.1-16.x86_64.rpm 5efa19e9c0cf69a969ed18c5129850cf
ImageMagick-c++-devel-6.0.7.1-16.x86_64.rpm 8aa669fb7b7c53531bb5ba36732b30fd
ImageMagick-devel-6.0.7.1-16.x86_64.rpm ebc6cfa2e54293e5eaa5cf32f0cc9830
ImageMagick-perl-6.0.7.1-16.x86_64.rpm 4be4589c315cf057b4792de5b32991ac
Red Hat Enterprise Linux WS (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.3.8-16.src.rpm 95c4b8a3a13a03b92e7731c1869ffd80
IA-32:
ImageMagick-5.3.8-16.i386.rpm 1ea6a08bc5450e64efdae7178b4025d8
ImageMagick-c++-5.3.8-16.i386.rpm 69a30f7f38ffe810f918ef62ad80cf3a
ImageMagick-c++-devel-5.3.8-16.i386.rpm 3c8c8f5281c953d4a8a0b5dc6102874b
ImageMagick-devel-5.3.8-16.i386.rpm 52e9b08e9c873cf6f2c822eeb077f7dc
ImageMagick-perl-5.3.8-16.i386.rpm 702dc419b9abce1d0c95d00790e9f0d4
Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.5.6-20.src.rpm 24624ca0eb3a0775c26116623e23e1ae
IA-32:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-devel-5.5.6-20.i386.rpm 979b22849f5ad735b9cdd460a7c7e636
ImageMagick-devel-5.5.6-20.i386.rpm 88e8126099e8db71729336dd9af2e204
ImageMagick-perl-5.5.6-20.i386.rpm ecced6d469a8c90d48464b539aa75227
IA-64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.ia64.rpm 160ffd693dcda93446f0761e93f87f89
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.ia64.rpm 4a2f448ceb5399fc790b9fb78b89044b
ImageMagick-c++-devel-5.5.6-20.ia64.rpm 7b160d9c17f69e34fdd8e68c1a263584
ImageMagick-devel-5.5.6-20.ia64.rpm 3be3bb9d2589e21ceb8c548335213641
ImageMagick-perl-5.5.6-20.ia64.rpm 9c87d7a86b6e8ff6f60ccacaa874f8d6
x86_64:
ImageMagick-5.5.6-20.i386.rpm 49bb1ae98900a8e32f7ed0194cebb0bf
ImageMagick-5.5.6-20.x86_64.rpm bbc0198fadc4439f255901b3a86a8405
ImageMagick-c++-5.5.6-20.i386.rpm 2f110ea12de1552e27cc91b6375214a5
ImageMagick-c++-5.5.6-20.x86_64.rpm c8cd2bfe49a31c4f91cb3d004b4b2e87
ImageMagick-c++-devel-5.5.6-20.x86_64.rpm 8ef8d2669889e83493db561cebf94108
ImageMagick-devel-5.5.6-20.x86_64.rpm 7cf9221f54d04b3033e95079dc0db2dd
ImageMagick-perl-5.5.6-20.x86_64.rpm 361f3f9b5792a118a0ce96caedd0ac55
Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-6.0.7.1-16.src.rpm f59c64663d42e2d1fe6d6b7cfac374a5
IA-32:
ImageMagick-6.0.7.1-16.i386.rpm 9ce6677bc26a601454b0c61b2ab965b0
ImageMagick-c++-6.0.7.1-16.i386.rpm 1408abb6ca9cc9295638680548757bc3
ImageMagick-c++-devel-6.0.7.1-16.i386.rpm 1a7b7832059d68c4931aaaea676b0be5
ImageMagick-devel-6.0.7.1-16.i386.rpm 0e862f8aa201d0e66970bc956ddc0e96
ImageMagick-perl-6.0.7.1-16.i386.rpm a467957518b170445e0df04685559ca4
IA-64:
ImageMagick-6.0.7.1-16.ia64.rpm 6bbc6e4403a39ca153546238d8db5e57
ImageMagick-c++-6.0.7.1-16.ia64.rpm ffe66d720a1687ce09a44695f2d33cb8
ImageMagick-c++-devel-6.0.7.1-16.ia64.rpm 7b935504fdfe944a0281aabba2296192
ImageMagick-devel-6.0.7.1-16.ia64.rpm bd6f922c63271dd34738f3315fbe80d5
ImageMagick-perl-6.0.7.1-16.ia64.rpm 60c9a103a7f6398eb0f2f120a9e0cd36
x86_64:
ImageMagick-6.0.7.1-16.x86_64.rpm 1c428f689f50d0a08685a63664837f3f
ImageMagick-c++-6.0.7.1-16.x86_64.rpm 5efa19e9c0cf69a969ed18c5129850cf
ImageMagick-c++-devel-6.0.7.1-16.x86_64.rpm 8aa669fb7b7c53531bb5ba36732b30fd
ImageMagick-devel-6.0.7.1-16.x86_64.rpm ebc6cfa2e54293e5eaa5cf32f0cc9830
ImageMagick-perl-6.0.7.1-16.x86_64.rpm 4be4589c315cf057b4792de5b32991ac
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
--------------------------------------------------------------------------------
SRPMS:
ImageMagick-5.3.8-16.src.rpm 95c4b8a3a13a03b92e7731c1869ffd80
IA-64:
ImageMagick-5.3.8-16.ia64.rpm 397fdbc18c18676572bbd08b7b553ef7
ImageMagick-c++-5.3.8-16.ia64.rpm de51019600457d16a9f1c2aada788f82
ImageMagick-c++-devel-5.3.8-16.ia64.rpm 83609c183e34f11bf57b5a9a3758b90a
ImageMagick-devel-5.3.8-16.ia64.rpm e2b208ef6333a5a6432e41d8412c935e
ImageMagick-perl-5.3.8-16.ia64.rpm af83cc3860d24179a71c5b6bec51a5ba
(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
202193 - CVE-2006-3743 ImageMagick multiple security issues (CVE-2006-3744)
202771 - CVE-2006-4144 ImageMagick ReadSGIImage() integer overflow
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144
http://www.redhat.com/security/updates/classification/#moderate
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how
to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2006:0633-5 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
Q-285: ncompress
Q-286: RPC Interface Heap Overflow
Q-287: Shadow Programming Error
Q-288: ClamAV Buffer Overflow
Q-289: Vulnerability May Allow Users With the "File System Management" RBAC Profile to Gain Elevated Privileges
Q-290: Xsan Filesystem 1.4
Q-291: Buffer Overflow in the format(1M) Command
Q-292: XFree86 Security Update
Q-293: Kernel Security Update
Q-294: Multiple Security Vulnerabilities in Mozilla 1.4 and 1.7