Paketname
ImageMagick
Datum
2006-01-26
Advisory ID
MDKSA-2006:024
Betroffene Versionen
CS3.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64

Problembeschreibung

The delegate code in ImageMagick 6.2.4.x allows remote attackers to
execute arbitrary commands via shell metacharacters in a filename that
is processed by the display command. (CVE-2005-4601)

A format string vulnerability in the SetImageInfo function in image.c for
ImageMagick 6.2.3, and other versions, allows user-complicit attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via a numeric format string specifier such as %d in the file name,
a variant of CVE-2005-0397, and as demonstrated using the convert program.
(CVE-2006-0082)

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

CS3.0 i586

 021439b9cb4a5c27e6852fcc2af5d531  corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.5.C30mdk.i586.rpm
 8dedbc0bed9a4550bff68240e038ed62  corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.5.C30mdk.i586.rpm
 8d9164870b6138c13b19f281e3c677db  corporate/3.0/RPMS/libMagick5.5.7-5.5.7.15-6.5.C30mdk.i586.rpm
 0f16cd8c20c413b243ed15652a5f4f3a  corporate/3.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.5.C30mdk.i586.rpm
 76af97eaf355909f11f18fe2794b0052  corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.5.C30mdk.i586.rpm
 8ec1dda65d54f92c98538b6fd5a8e359  corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.5.C30mdk.src.rpm

2006.0 i586

 c4a8dbb0c78f5a7bf916249963c2b159  2006.0/RPMS/ImageMagick-6.2.4.3-1.1.20060mdk.i586.rpm
 b9af05a8427ed951286f51345b98c393  2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.1.20060mdk.i586.rpm
 9d0d37ebd857d01a2d06a8bc1dedb852  2006.0/RPMS/libMagick8.4.2-6.2.4.3-1.1.20060mdk.i586.rpm
 057983a9ced52fbbfbe3e290ad4035af  2006.0/RPMS/libMagick8.4.2-devel-6.2.4.3-1.1.20060mdk.i586.rpm
 e54224a7c3029af1d277018eec729dcb  2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.1.20060mdk.i586.rpm
 251689f39a92cdb7aaf8799976d86c92  2006.0/SRPMS/ImageMagick-6.2.4.3-1.1.20060mdk.src.rpm

2006.0 x86_64

 8836b5a35dd4c1c39b671828ba80e6d7  x86_64/2006.0/RPMS/ImageMagick-6.2.4.3-1.1.20060mdk.x86_64.rpm
 5b6c180b0a43570eda2a89fc790f2e38  x86_64/2006.0/RPMS/ImageMagick-doc-6.2.4.3-1.1.20060mdk.x86_64.rpm
 efd097268b8e3dbd6421988a6f125660  x86_64/2006.0/RPMS/lib64Magick8.4.2-6.2.4.3-1.1.20060mdk.x86_64.rpm
 fd8374927f02d1eaa96dcb40485a246d  x86_64/2006.0/RPMS/lib64Magick8.4.2-devel-6.2.4.3-1.1.20060mdk.x86_64.rpm
 49cc6e373ec62eb10fec9ac21ad5cab7  x86_64/2006.0/RPMS/perl-Image-Magick-6.2.4.3-1.1.20060mdk.x86_64.rpm
 251689f39a92cdb7aaf8799976d86c92  x86_64/2006.0/SRPMS/ImageMagick-6.2.4.3-1.1.20060mdk.src.rpm

CS3.0 x86_64

 ead9e8f8e105cbfe79d26735e9417e51  x86_64/corporate/3.0/RPMS/ImageMagick-5.5.7.15-6.5.C30mdk.x86_64.rpm
 468eb78d6d64082b8749edcb200cf945  x86_64/corporate/3.0/RPMS/ImageMagick-doc-5.5.7.15-6.5.C30mdk.x86_64.rpm
 de31d5f60855911e1ebad3b8c2bf8fdf  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.5.C30mdk.x86_64.rpm
 0970d0cb5697dccfbf01ebac4b6b6851  x86_64/corporate/3.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.5.C30mdk.x86_64.rpm
 91621062d0940a69eec9abd42e5029d3  x86_64/corporate/3.0/RPMS/perl-Magick-5.5.7.15-6.5.C30mdk.x86_64.rpm
 8ec1dda65d54f92c98538b6fd5a8e359  x86_64/corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.5.C30mdk.src.rpm

Referenzen