Issued:: 2006-02-14
Updated:: 2006-02-14

RHSA-2006:0178 - Security Advisory

Overview
Updated Packages

Synopsis

ImageMagick security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated ImageMagick packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display"
command. It is possible to execute arbitrary commands by tricking a user
into running "display" on a file with a specially crafted name. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles
filenames. It may be possible to execute arbitrary commands by tricking a
user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 176837 - CVE-2005-4601 ImageMagick display command shell command injection
BZ - 176925 - CVE-2006-0082 ImageMagick format string vulnerability.

CVEs

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
ImageMagick-6.0.7.1-14.x86_64.rpm	SHA-256: 209d2d2b6cb03e09148d4d0f41aef381e241913c04a10d4037c32911ee0a4328
ImageMagick-6.0.7.1-14.x86_64.rpm	SHA-256: 209d2d2b6cb03e09148d4d0f41aef381e241913c04a10d4037c32911ee0a4328
ImageMagick-c++-6.0.7.1-14.x86_64.rpm	SHA-256: 62d4d1db2bb5da68e648d80941d604a2db15613e8d4c4d79b89cf215ee932827
ImageMagick-c++-6.0.7.1-14.x86_64.rpm	SHA-256: 62d4d1db2bb5da68e648d80941d604a2db15613e8d4c4d79b89cf215ee932827
ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm	SHA-256: 567de7cac295496fdfc797576549f338d69eb3e55b1cd67f815a58b085c97d2b
ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm	SHA-256: 567de7cac295496fdfc797576549f338d69eb3e55b1cd67f815a58b085c97d2b
ImageMagick-devel-6.0.7.1-14.x86_64.rpm	SHA-256: c5b05636e936a4d18789ef0f00ff010216ceda286d8208f5654540837c2918a9
ImageMagick-devel-6.0.7.1-14.x86_64.rpm	SHA-256: c5b05636e936a4d18789ef0f00ff010216ceda286d8208f5654540837c2918a9
ImageMagick-perl-6.0.7.1-14.x86_64.rpm	SHA-256: 8bc79df5264337e4de6049541ace6a92813c985ddb6d1a97921cd380514d54df
ImageMagick-perl-6.0.7.1-14.x86_64.rpm	SHA-256: 8bc79df5264337e4de6049541ace6a92813c985ddb6d1a97921cd380514d54df
ia64
ImageMagick-6.0.7.1-14.ia64.rpm	SHA-256: c46a51f9b97bdf818bbc8c25b3697c98b0ca8089ba285e47cb1c9c5b9427bd0a
ImageMagick-6.0.7.1-14.ia64.rpm	SHA-256: c46a51f9b97bdf818bbc8c25b3697c98b0ca8089ba285e47cb1c9c5b9427bd0a
ImageMagick-c++-6.0.7.1-14.ia64.rpm	SHA-256: c2a77ed52a5eeba7c46d374a0e3d9499c5ecd5af5e2b25b5e926afe16a814de8
ImageMagick-c++-6.0.7.1-14.ia64.rpm	SHA-256: c2a77ed52a5eeba7c46d374a0e3d9499c5ecd5af5e2b25b5e926afe16a814de8
ImageMagick-c++-devel-6.0.7.1-14.ia64.rpm	SHA-256: 541feaa46e2a7467d54bb55167c4cb475f41d4bb95763b7277d6fb1875139c12
ImageMagick-c++-devel-6.0.7.1-14.ia64.rpm	SHA-256: 541feaa46e2a7467d54bb55167c4cb475f41d4bb95763b7277d6fb1875139c12
ImageMagick-devel-6.0.7.1-14.ia64.rpm	SHA-256: bc7cab626e898b74e0f68866669bb2a7ac0c9347e32327ac436fb683d56ee432
ImageMagick-devel-6.0.7.1-14.ia64.rpm	SHA-256: bc7cab626e898b74e0f68866669bb2a7ac0c9347e32327ac436fb683d56ee432
ImageMagick-perl-6.0.7.1-14.ia64.rpm	SHA-256: dc8dea1ca91949f59985ae622d3296f289f779d1080371e87805b8205ed3d99e
ImageMagick-perl-6.0.7.1-14.ia64.rpm	SHA-256: dc8dea1ca91949f59985ae622d3296f289f779d1080371e87805b8205ed3d99e
i386
ImageMagick-6.0.7.1-14.i386.rpm	SHA-256: a7eea72cc8845434ba9e0c636caec4a852d052a1ac35449fe0857c30fe4414d3
ImageMagick-6.0.7.1-14.i386.rpm	SHA-256: a7eea72cc8845434ba9e0c636caec4a852d052a1ac35449fe0857c30fe4414d3
ImageMagick-c++-6.0.7.1-14.i386.rpm	SHA-256: b1955b54dfe5351148bf4767c09a7ec597cca90b4b85181b54f5684d207bb70a
ImageMagick-c++-6.0.7.1-14.i386.rpm	SHA-256: b1955b54dfe5351148bf4767c09a7ec597cca90b4b85181b54f5684d207bb70a
ImageMagick-c++-devel-6.0.7.1-14.i386.rpm	SHA-256: 7550a85f7c7c4c9387ffa28b1d19e2cc3c89ea24ee64e6e60819116fe8a81933
ImageMagick-c++-devel-6.0.7.1-14.i386.rpm	SHA-256: 7550a85f7c7c4c9387ffa28b1d19e2cc3c89ea24ee64e6e60819116fe8a81933
ImageMagick-devel-6.0.7.1-14.i386.rpm	SHA-256: af114c88af0e497d64f879ebb6936b01159af5492fcf34fc4d5351e92e5e8fc1
ImageMagick-devel-6.0.7.1-14.i386.rpm	SHA-256: af114c88af0e497d64f879ebb6936b01159af5492fcf34fc4d5351e92e5e8fc1
ImageMagick-perl-6.0.7.1-14.i386.rpm	SHA-256: 9506f1addeda0ecbfa50134478e8f30cf08f2070884d77981aa06da454519ba7
ImageMagick-perl-6.0.7.1-14.i386.rpm	SHA-256: 9506f1addeda0ecbfa50134478e8f30cf08f2070884d77981aa06da454519ba7

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
ImageMagick-6.0.7.1-14.x86_64.rpm	SHA-256: 209d2d2b6cb03e09148d4d0f41aef381e241913c04a10d4037c32911ee0a4328
ImageMagick-c++-6.0.7.1-14.x86_64.rpm	SHA-256: 62d4d1db2bb5da68e648d80941d604a2db15613e8d4c4d79b89cf215ee932827
ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm	SHA-256: 567de7cac295496fdfc797576549f338d69eb3e55b1cd67f815a58b085c97d2b
ImageMagick-devel-6.0.7.1-14.x86_64.rpm	SHA-256: c5b05636e936a4d18789ef0f00ff010216ceda286d8208f5654540837c2918a9
ImageMagick-perl-6.0.7.1-14.x86_64.rpm	SHA-256: 8bc79df5264337e4de6049541ace6a92813c985ddb6d1a97921cd380514d54df
ia64
ImageMagick-6.0.7.1-14.ia64.rpm	SHA-256: c46a51f9b97bdf818bbc8c25b3697c98b0ca8089ba285e47cb1c9c5b9427bd0a
ImageMagick-c++-6.0.7.1-14.ia64.rpm	SHA-256: c2a77ed52a5eeba7c46d374a0e3d9499c5ecd5af5e2b25b5e926afe16a814de8
ImageMagick-c++-devel-6.0.7.1-14.ia64.rpm	SHA-256: 541feaa46e2a7467d54bb55167c4cb475f41d4bb95763b7277d6fb1875139c12
ImageMagick-devel-6.0.7.1-14.ia64.rpm	SHA-256: bc7cab626e898b74e0f68866669bb2a7ac0c9347e32327ac436fb683d56ee432
ImageMagick-perl-6.0.7.1-14.ia64.rpm	SHA-256: dc8dea1ca91949f59985ae622d3296f289f779d1080371e87805b8205ed3d99e
i386
ImageMagick-6.0.7.1-14.i386.rpm	SHA-256: a7eea72cc8845434ba9e0c636caec4a852d052a1ac35449fe0857c30fe4414d3
ImageMagick-c++-6.0.7.1-14.i386.rpm	SHA-256: b1955b54dfe5351148bf4767c09a7ec597cca90b4b85181b54f5684d207bb70a
ImageMagick-c++-devel-6.0.7.1-14.i386.rpm	SHA-256: 7550a85f7c7c4c9387ffa28b1d19e2cc3c89ea24ee64e6e60819116fe8a81933
ImageMagick-devel-6.0.7.1-14.i386.rpm	SHA-256: af114c88af0e497d64f879ebb6936b01159af5492fcf34fc4d5351e92e5e8fc1
ImageMagick-perl-6.0.7.1-14.i386.rpm	SHA-256: 9506f1addeda0ecbfa50134478e8f30cf08f2070884d77981aa06da454519ba7

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
ImageMagick-6.0.7.1-14.x86_64.rpm	SHA-256: 209d2d2b6cb03e09148d4d0f41aef381e241913c04a10d4037c32911ee0a4328
ImageMagick-c++-6.0.7.1-14.x86_64.rpm	SHA-256: 62d4d1db2bb5da68e648d80941d604a2db15613e8d4c4d79b89cf215ee932827
ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm	SHA-256: 567de7cac295496fdfc797576549f338d69eb3e55b1cd67f815a58b085c97d2b
ImageMagick-devel-6.0.7.1-14.x86_64.rpm	SHA-256: c5b05636e936a4d18789ef0f00ff010216ceda286d8208f5654540837c2918a9
ImageMagick-perl-6.0.7.1-14.x86_64.rpm	SHA-256: 8bc79df5264337e4de6049541ace6a92813c985ddb6d1a97921cd380514d54df
i386
ImageMagick-6.0.7.1-14.i386.rpm	SHA-256: a7eea72cc8845434ba9e0c636caec4a852d052a1ac35449fe0857c30fe4414d3
ImageMagick-c++-6.0.7.1-14.i386.rpm	SHA-256: b1955b54dfe5351148bf4767c09a7ec597cca90b4b85181b54f5684d207bb70a
ImageMagick-c++-devel-6.0.7.1-14.i386.rpm	SHA-256: 7550a85f7c7c4c9387ffa28b1d19e2cc3c89ea24ee64e6e60819116fe8a81933
ImageMagick-devel-6.0.7.1-14.i386.rpm	SHA-256: af114c88af0e497d64f879ebb6936b01159af5492fcf34fc4d5351e92e5e8fc1
ImageMagick-perl-6.0.7.1-14.i386.rpm	SHA-256: 9506f1addeda0ecbfa50134478e8f30cf08f2070884d77981aa06da454519ba7

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
ImageMagick-6.0.7.1-14.s390x.rpm	SHA-256: 7167b0cfeaa264dcc23324846f2ce2cfb8a14ca196424e3b0515085afe462c7b
ImageMagick-c++-6.0.7.1-14.s390x.rpm	SHA-256: dbcb0ec6f7704d47f1cc42adc429262f7321390879b8a1d9024b7fe5b078fee5
ImageMagick-c++-devel-6.0.7.1-14.s390x.rpm	SHA-256: bf0377e2071893d5ee9b29e9c8f69c187c84eb8a0412e7672a5b5fc3a595f686
ImageMagick-devel-6.0.7.1-14.s390x.rpm	SHA-256: 31aba29e413201c0c830be6070f1f361b9cf33bc207d42a7fa386aabb1bcfa3b
ImageMagick-perl-6.0.7.1-14.s390x.rpm	SHA-256: 8040b4407c9c5a837be724ba3a6f56f9f1e0d8d907e6162b0ed6f5fe299cfc1f
s390
ImageMagick-6.0.7.1-14.s390.rpm	SHA-256: 8a56876a556265d1772879f7d5e26f0bfe7dd4d92e63d6b6f6be06c2b9fbeeed
ImageMagick-c++-6.0.7.1-14.s390.rpm	SHA-256: e3cc48fec35525c69527ad373c94b45493647f54aca2b2f8a006055c2637a744
ImageMagick-c++-devel-6.0.7.1-14.s390.rpm	SHA-256: 0c686ec8bc2fce5c047e0713bea9b8dcee6cd8b3238f424bed4b6b21e039bbb5
ImageMagick-devel-6.0.7.1-14.s390.rpm	SHA-256: efcbdb05989ae5133abc658106dbc1acf4df53ba3ff0ece3f5aa9f081c15f0e6
ImageMagick-perl-6.0.7.1-14.s390.rpm	SHA-256: 690a82eea80b7e975a2dc3ab2ca2a1aa49a9ceb46e09ee18bea8256644aa3de9

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
ImageMagick-6.0.7.1-14.ppc.rpm	SHA-256: e68cdc25426ddb0aa249091589039180a46931cb4c96d12897aa26c5d47592b9
ImageMagick-c++-6.0.7.1-14.ppc.rpm	SHA-256: 3aed87f5f084ef86d0910967cc416268e53383ac86ccc52c2495e55fe49817f3
ImageMagick-c++-devel-6.0.7.1-14.ppc.rpm	SHA-256: 0b5fd31dae5675cfcf1c163d2cf88ddc57459de589c7e5e6a3fcf8af85905ba7
ImageMagick-devel-6.0.7.1-14.ppc.rpm	SHA-256: 5607f32216b7dc75726d8ff01d77863c057c203659af206b5818118fd50368b1
ImageMagick-perl-6.0.7.1-14.ppc.rpm	SHA-256: 9038cf60656770ecc97c0af5f8f1500a4689784a60958c9efb6f0a884307a101

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation