Bug 130807
| Field | Value |
|---|---|
| Summary | CAN-2004-0827 heap overflow in BMP decoder |
| Product | Red Hat Enterprise Linux 3 |
| Component | ImageMagick |
| Version | 3.0 |
| Status | CLOSED RAWHIDE |
| Severity | high |
| Priority | medium |
| Reporter | Josh Bressers <bressers> |
| Assignee | Jonathan Blandford <jrb> |
| QA Contact | Mike McLean <mikem> |
| CC | ddumas, deisenst |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Whiteboard | impact=important,public=20041111 |
| Doc Type | Bug Fix |
| Last Closed | 2004-12-01 09:07:03 UTC |

Description
Josh Bressers
2004-08-24 20:28:57 UTC
The patch for this issue is attachment 103039

I built these into errata-candidate.

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-494.html

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-480.html

FYI, as in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130806#c2 , you may wish to have a look at https://bugzilla.fedora.us/show_bug.cgi?id=2052#c10 because the patch in comment #1 may not have caught all of the vulnerabilities, if this was the only patch applied into RHSA's 2004-494 and 2004-480. -David

Our fix was obviously incomplete, we'll want to fix the correctly.

Created attachment 106788
More comprehensive patch
FYI, here is a more comprehensive patch for this issue we've come up with over
on Fedora Legacy that we will soon be testing. -David

ImageMagick-6.0.7 seems to include these updated fixes in the upstream version, which is part of RHEL4-re1129.0 -> resolving.