Bug 176925 - CVE-2006-0082 ImageMagick format string vulnerability.
Summary: CVE-2006-0082 ImageMagick format string vulnerability.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: ImageMagick
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Matthias Clasen
QA Contact: Mike McLean
URL:
Whiteboard: reported=20060104,public=20060104,sou...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-04 14:14 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2006-02-14 16:08:09 UTC


Attachments (Terms of Use)
patch for 6.2.5 (Rawhide) (1.52 KB, patch)
2006-01-04 17:05 UTC, Matthias Clasen
no flags Details | Diff
patch for 6.0.7 (RHEL 4) (846 bytes, patch)
2006-01-04 18:52 UTC, Matthias Clasen
no flags Details | Diff
patch for 5.5.6 (RHEL 3) (802 bytes, patch)
2006-01-04 18:54 UTC, Matthias Clasen
no flags Details | Diff
patch for 5.3.8 (RHEL 2.1) (800 bytes, patch)
2006-01-04 18:55 UTC, Matthias Clasen
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0178 normal SHIPPED_LIVE Moderate: ImageMagick security update 2006-02-14 05:00:00 UTC

Description Josh Bressers 2006-01-04 14:14:11 UTC
ImageMagick format string vulnerability.

The fix for CVE-2005-0397 is incomplete.  As the Debian bug suggests,
by running a command such as:

convert file.jpg file%d%n.jpg

A segfault will result in ImageMagick.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876


This issue also affects RHEL3
This issue also affects RHEL2.1

Comment 1 Matthias Clasen 2006-01-04 17:04:07 UTC
The fix in the debian bug is incomplete, the same code is repeated in blob.c

Comment 2 Matthias Clasen 2006-01-04 17:05:34 UTC
Created attachment 122767 [details]
patch for 6.2.5 (Rawhide)

Comment 3 Matthias Clasen 2006-01-04 18:52:42 UTC
Created attachment 122771 [details]
patch for 6.0.7 (RHEL 4)

Comment 4 Matthias Clasen 2006-01-04 18:54:29 UTC
Created attachment 122772 [details]
patch for 5.5.6 (RHEL 3)

Comment 5 Matthias Clasen 2006-01-04 18:55:30 UTC
Created attachment 122773 [details]
patch for 5.3.8 (RHEL 2.1)

Comment 6 Matthias Clasen 2006-01-06 18:51:01 UTC
The fixes are contained in 
ImageMagick-6.0.7.1-14 (RHEL4)
ImageMagick-5.5.6-17 (RHEL 3)
ImageMagick-5.3.8-14 (RHEL 2.1)

Comment 9 Red Hat Bugzilla 2006-02-14 16:08:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0178.html



Note You need to log in before you can comment on or make changes to this bug.