176837 – CVE-2005-4601 ImageMagick display command shell command injection

Bug 176837 - CVE-2005-4601 ImageMagick display command shell command injection

Summary: CVE-2005-4601 ImageMagick display command shell command injection

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	ImageMagick
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Matthias Clasen
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:	reported=20060101,public=20051229,sou...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-01-03 15:56 UTC by Josh Bressers
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:	RHSA-2006-0178
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-02-14 16:08:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch for 6.0.7 (RHEL 4) (2.50 KB, patch) 2006-01-06 18:31 UTC, Matthias Clasen	no flags	Details \| Diff
patch for 5.5.6 (RHEL 3) (1.87 KB, patch) 2006-01-06 18:31 UTC, Matthias Clasen	no flags	Details \| Diff
patch for 5.3.8 (RHEL 2.1) (1.26 KB, patch) 2006-01-06 18:32 UTC, Matthias Clasen	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2006:0178	0	normal	SHIPPED_LIVE	Moderate: ImageMagick security update	2006-02-14 05:00:00 UTC

Description Josh Bressers 2006-01-03 15:56:16 UTC

ImageMagick display command shell command injection

When displaying an image in ImageMagick with a carefully crafted
filename, it is possible to execute arbitrary commands.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238


This issue also affects RHEL3
This issue also affects RHEL2.1

Comment 1 Matthias Clasen 2006-01-06 18:31:21 UTC

Created attachment 122886 [details]
patch for 6.0.7 (RHEL 4)

Comment 2 Matthias Clasen 2006-01-06 18:31:47 UTC

Created attachment 122887 [details]
patch for 5.5.6 (RHEL 3)

Comment 3 Matthias Clasen 2006-01-06 18:32:42 UTC

Created attachment 122888 [details]
patch for 5.3.8 (RHEL 2.1)

Comment 4 Matthias Clasen 2006-01-06 18:52:03 UTC

The fixes are contained in 
ImageMagick-6.0.7.1-14 (RHEL4)
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)

Comment 7 Red Hat Bugzilla 2006-02-14 16:08:01 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0178.html

Note You need to log in before you can comment on or make changes to this bug.