ImageMagick Remote EXIF Parsing Buffer Overflow Vulnerability

Solution:
The vendor has released an upgrade dealing with this issue.

Red Hat has released an advisory (FEDORA-2005-221) and fixes to address this issue in Fedora Core 3. Please see the referenced advisory for further details regarding obtaining and applying an appropriate fix.

SuSE has released a security summary report (SUSE-SR:2004:001) to address this and other issues. The report indicates that a fix for this issue is available on the SuSE FTP server and also through the YaST Online Update utility. Customers are advised to peruse the referenced advisory for further details regarding obtaining and applying appropriate fixes.

SuSE has released advisory SUSE-SA:2004:041 mainly to address the vulnerabilities described in BID 11694. However, in the addendum of this advisory, it is reported that fixes for the issue described in this BID are now available on the SuSE update FTP server for download. Customers are advised to see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Debian has released advisory DSA 593-1 and updates to address this vulnerability. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200411-11:01 to address this issue in ImageMagick. Users of the affected package are urged to execute the following commands with superuser privileges to install the updates:

emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.3.2"

MandrakeSoft has issued an advisory (MDKSA-2004:143) along with patched upgrades. Please see the referenced advisory for more information.

Red Hat has released a Red Hat Enterprise Linux advisory (RHSA-2004:636-03) that includes an updated version of ImageMagick to address this issue. Please see the referenced advisory for more information.

TurboLinux has issued an advisory and fixes for TurboLinux Server and Desktop 10. See advisory TLSA-2005-7 in the reference section.

Ubuntu has released advisory USN-90-1 to address this issue. Please see the referenced advisory for more information.

Gentoo Linux has released an advisory (GLSA 200503-11) dealing with this issue. Gentoo advises that all ImageMagick users should upgrade to the latest version by issuing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4"

For more information, please see the referenced Gentoo Linux advisory.

Red Hat has released advisory RHSA-2005:320-10 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see the referenced advisory for additional information.

SuSE Linux has released an advisory (SUSE-SA:2005:017) dealing with this and other issues. Please see the referenced advisory for more information.

Red Hat has released advisories FEDORA-2005-234 and FEDORA-2005-235 dealing with this issue in their Core 2 and Core 3 packages respectively. Please see the referenced advisories for more information.

Red Hat Fedora Legacy has released security advisory FLSA:152777 addressing this issue for Red Hat Linux 7.3 and 9.0, and for Fedora Core 1 and 2. Please see the referenced advisory for further information.


Red Hat Fedora Core2

Red Hat Fedora Core1

ImageMagick ImageMagick 5.3.3

ImageMagick ImageMagick 5.4.3

ImageMagick ImageMagick 5.4.4 .5

ImageMagick ImageMagick 5.4.7

ImageMagick ImageMagick 5.4.8 .2-1.1.0

ImageMagick ImageMagick 5.4.8

ImageMagick ImageMagick 5.5.3 .2-1.2.0

ImageMagick ImageMagick 5.5.6 .0-20030409

ImageMagick ImageMagick 5.5.7

ImageMagick ImageMagick 6.0

ImageMagick ImageMagick 6.0.1

ImageMagick ImageMagick 6.0.3

ImageMagick ImageMagick 6.0.4

ImageMagick ImageMagick 6.0.5

ImageMagick ImageMagick 6.0.6

ImageMagick ImageMagick 6.0.7

ImageMagick ImageMagick 6.0.8

RedHat Linux 7.3 i386

RedHat Linux 7.3 i686

RedHat Linux 7.3

RedHat Linux 9.0 i386


 

Copyright 2010, SecurityFocus