Bug 176925

Summary: CVE-2006-0082 ImageMagick format string vulnerability.
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: ImageMagickAssignee: Matthias Clasen <mclasen>
Status: CLOSED ERRATA QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: reported=20060104,public=20060104,source=debian,impact=moderate
Fixed In Version: RHSA-2006-0178 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-14 16:08:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch for 6.2.5 (Rawhide)
none
patch for 6.0.7 (RHEL 4)
none
patch for 5.5.6 (RHEL 3)
none
patch for 5.3.8 (RHEL 2.1) none

Description Josh Bressers 2006-01-04 14:14:11 UTC 
ImageMagick format string vulnerability.

The fix for CVE-2005-0397 is incomplete.  As the Debian bug suggests,
by running a command such as:

convert file.jpg file%d%n.jpg

A segfault will result in ImageMagick.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876


This issue also affects RHEL3
This issue also affects RHEL2.1
Comment 1 Matthias Clasen 2006-01-04 17:04:07 UTC 
The fix in the debian bug is incomplete, the same code is repeated in blob.c
Comment 2 Matthias Clasen 2006-01-04 17:05:34 UTC 
Created attachment 122767 [details]
patch for 6.2.5 (Rawhide)
Comment 3 Matthias Clasen 2006-01-04 18:52:42 UTC 
Created attachment 122771 [details]
patch for 6.0.7 (RHEL 4)
Comment 4 Matthias Clasen 2006-01-04 18:54:29 UTC 
Created attachment 122772 [details]
patch for 5.5.6 (RHEL 3)
Comment 5 Matthias Clasen 2006-01-04 18:55:30 UTC 
Created attachment 122773 [details]
patch for 5.3.8 (RHEL 2.1)
Comment 6 Matthias Clasen 2006-01-06 18:51:01 UTC 
The fixes are contained in 
ImageMagick-6.0.7.1-14 (RHEL4)
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)
Comment 9 Red Hat Bugzilla 2006-02-14 16:08:09 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0178.html