Bug 176837 - CVE-2005-4601 ImageMagick display command shell command injection
CVE-2005-4601 ImageMagick display command shell command injection
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: ImageMagick (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matthias Clasen
Mike McLean
reported=20060101,public=20051229,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-03 10:56 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHSA-2006-0178
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-14 11:08:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch for 6.0.7 (RHEL 4) (2.50 KB, patch)
2006-01-06 13:31 EST, Matthias Clasen
no flags Details | Diff
patch for 5.5.6 (RHEL 3) (1.87 KB, patch)
2006-01-06 13:31 EST, Matthias Clasen
no flags Details | Diff
patch for 5.3.8 (RHEL 2.1) (1.26 KB, patch)
2006-01-06 13:32 EST, Matthias Clasen
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0178 normal SHIPPED_LIVE Moderate: ImageMagick security update 2006-02-14 00:00:00 EST

  None (edit)
Description Josh Bressers 2006-01-03 10:56:16 EST
ImageMagick display command shell command injection

When displaying an image in ImageMagick with a carefully crafted
filename, it is possible to execute arbitrary commands.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238


This issue also affects RHEL3
This issue also affects RHEL2.1
Comment 1 Matthias Clasen 2006-01-06 13:31:21 EST
Created attachment 122886 [details]
patch for 6.0.7 (RHEL 4)
Comment 2 Matthias Clasen 2006-01-06 13:31:47 EST
Created attachment 122887 [details]
patch for 5.5.6 (RHEL 3)
Comment 3 Matthias Clasen 2006-01-06 13:32:42 EST
Created attachment 122888 [details]
patch for 5.3.8 (RHEL 2.1)
Comment 4 Matthias Clasen 2006-01-06 13:52:03 EST
The fixes are contained in 
ImageMagick-6.0.7.1-14 (RHEL4)
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)

Comment 7 Red Hat Bugzilla 2006-02-14 11:08:01 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0178.html

Note You need to log in before you can comment on or make changes to this bug.