Fedora Security Update Fixes ImageMagick libMagick Heap Overflow Vulnerability
Title : Fedora Security Update Fixes ImageMagick libMagick Heap Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2006-2011
CVE ID : CVE-2006-2440
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-29
Fedora has released updated packages to address a vulnerability identified in ImageMagick. This flaw is due to a heap overflow error during filename glob expansion by the "ExpandFilenames" function, which could be exploited by attackers to execute arbitrary commands via a malicious image containing a specially crafted index array.
Affected Products
Fedora Core 4
Fedora Core 5
Solution
Upgrade the affected packages :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
880aa3ef59502bf1bd0133cf77c7b88fa984c5b7 SRPMS/ImageMagick-6.2.2.0-3.fc4.2.src.rpm
b295936ce3884b6ad5a15004f380379d361c9d2a ppc/ImageMagick-6.2.2.0-3.fc4.2.ppc.rpm
1af9f800aa0841938a415a40f563b5bc7bbfac0c ppc/ImageMagick-devel-6.2.2.0-3.fc4.2.ppc.rpm
b64ee36d3fe5ebea1e5bfbf1f174c92d22ae60d9 ppc/ImageMagick-perl-6.2.2.0-3.fc4.2.ppc.rpm
fec3fae448b83c9f78fdac69fe60f375a60abd60 ppc/ImageMagick-c++-6.2.2.0-3.fc4.2.ppc.rpm
51f5e4a391d487542e8f9cedb62ac4584c1c1555 ppc/ImageMagick-c++-devel-6.2.2.0-3.fc4.2.ppc.rpm
98c7b4ef9cf86e9bca32dc1f8f503df56b5a0150 ppc/debug/ImageMagick-debuginfo-6.2.2.0-3.fc4.2.ppc.rpm
78b4235d146248facc3ada00838fae69eaf794ba ppc/ImageMagick-6.2.2.0-3.fc4.2.ppc64.rpm
923cfe47a1934e9aa6e7843b291827aeffa2578a ppc/ImageMagick-c++-6.2.2.0-3.fc4.2.ppc64.rpm
b35325128370341ae59f0107edadee5c40c6337d x86_64/ImageMagick-6.2.2.0-3.fc4.2.x86_64.rpm
16480bdc2c157d25686e84ad4f801071fee1a622 x86_64/ImageMagick-devel-6.2.2.0-3.fc4.2.x86_64.rpm
a240660e9dffc5595f51020a3a0df51b1e653e2d x86_64/ImageMagick-perl-6.2.2.0-3.fc4.2.x86_64.rpm
3c98e3293ad9d0a6df29aaeb4e053beb6c188469 x86_64/ImageMagick-c++-6.2.2.0-3.fc4.2.x86_64.rpm
5de2a74e746933e0832c6064c26064618964a8fa x86_64/ImageMagick-c++-devel-6.2.2.0-3.fc4.2.x86_64.rpm
6a26dc911c61ac368c3f09a7cea3e8145115e7cf x86_64/debug/ImageMagick-debuginfo-6.2.2.0-3.fc4.2.x86_64.rpm
a25f53737b62d7081746efdcf88ce2565d6c1b13 i386/ImageMagick-6.2.2.0-3.fc4.2.i386.rpm
8eb1983d6c444ce9f931124564cc417eb7f04a3a i386/ImageMagick-devel-6.2.2.0-3.fc4.2.i386.rpm
66ad32658841da1039787b9bb399b2061efd618e i386/ImageMagick-perl-6.2.2.0-3.fc4.2.i386.rpm
85d46fff4242e6434727cd1e3ac562c8d4a36c7a i386/ImageMagick-c++-6.2.2.0-3.fc4.2.i386.rpm
9dc70e8f20d3d393d7d1a0627a6387f1b2f75e54 i386/ImageMagick-c++-devel-6.2.2.0-3.fc4.2.i386.rpm
39b482b2e8e8864281d87442c9a6850342c18fe5 i386/debug/ImageMagick-debuginfo-6.2.2.0-3.fc4.2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
661af9c27bddf7922c24ee3806f4b3c99770f62c SRPMS/ImageMagick-6.2.5.4-4.2.1.fc5.2.src.rpm
bd113e9c8c21fb9a6160dca1bd54a660ed6b96bc ppc/ImageMagick-6.2.5.4-4.2.1.fc5.2.ppc.rpm
0ae707429f364805fe661d2735253be7e96b1755 ppc/ImageMagick-devel-6.2.5.4-4.2.1.fc5.2.ppc.rpm
0f07a39532b6fbd8fcfa86eabe6001df3e9574c6 ppc/ImageMagick-perl-6.2.5.4-4.2.1.fc5.2.ppc.rpm
9314c4fc1404998b613410f03d264e34900c28e7 ppc/ImageMagick-c++-6.2.5.4-4.2.1.fc5.2.ppc.rpm
f1af28deb167e996f41b007ae6f7254fd8cbe3aa ppc/ImageMagick-c++-devel-6.2.5.4-4.2.1.fc5.2.ppc.rpm
88a0cc790ff8ed05d054a2af200b4a4539632807 ppc/debug/ImageMagick-debuginfo-6.2.5.4-4.2.1.fc5.2.ppc.rpm
3df6175a3171455690d1ec94c4e8b62dad2da478 ppc/ImageMagick-6.2.5.4-4.2.1.fc5.2.ppc64.rpm
b1aa9dcd545e968222476666fdfb62ca8636f5ff ppc/ImageMagick-c++-6.2.5.4-4.2.1.fc5.2.ppc64.rpm
213c7721ef313a8eac5819cd212d4b2904002077 x86_64/ImageMagick-6.2.5.4-4.2.1.fc5.2.x86_64.rpm
c1108f4867dafdab3c063bbe38a26df6a0bb0573 x86_64/ImageMagick-devel-6.2.5.4-4.2.1.fc5.2.x86_64.rpm
2fbe154c53b0f81308b850fd50bb371035742c21 x86_64/ImageMagick-perl-6.2.5.4-4.2.1.fc5.2.x86_64.rpm
38ad446cbc9013b0da69fb8896ec2db57470e053 x86_64/ImageMagick-c++-6.2.5.4-4.2.1.fc5.2.x86_64.rpm
77cea7a1c33d92c964ec9c3bd39d04b38a23001a x86_64/ImageMagick-c++-devel-6.2.5.4-4.2.1.fc5.2.x86_64.rpm
5804fe6d59393d39fb81951af11a2bfd9fa2b7bf x86_64/debug/ImageMagick-debuginfo-6.2.5.4-4.2.1.fc5.2.x86_64.rpm
0f7e4b69d28268e84eab5227703b9de3c8b28e21 i386/ImageMagick-6.2.5.4-4.2.1.fc5.2.i386.rpm
19b73417b01283fca29f2a45ca3ae82b9d860a46 i386/ImageMagick-devel-6.2.5.4-4.2.1.fc5.2.i386.rpm
4c6c56a91835764e336836a0c76269dbf719bc25 i386/ImageMagick-perl-6.2.5.4-4.2.1.fc5.2.i386.rpm
a37cf2f89716f889cc84feda7ae37b3260a141f1 i386/ImageMagick-c++-6.2.5.4-4.2.1.fc5.2.i386.rpm
80c0eb208b1e707941b2137621c87da04a7d816a i386/ImageMagick-c++-devel-6.2.5.4-4.2.1.fc5.2.i386.rpm
d844dca416ba1fa791c255592f51b51ba4c9b362 i386/debug/ImageMagick-debuginfo-6.2.5.4-4.2.1.fc5.2.i386.rpm
References
http://www.vupen.com/english/advisories/2006/2011
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00124.html
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00125.html
ChangeLog
2006-05-29 : Initial release