RHEL 2.1 : ImageMagick (RHSA-2004:494)
High Nessus Plugin ID 15537
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated ImageMagick packages that fix various security vulnerabilities are now available.
ImageMagick(TM) is an image display and manipulation tool for the X Window System.
A heap overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted BMP file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0827 to this issue.
A temporary file handling bug has been found in ImageMagick's libmagick library. A local user could overwrite or create files as a different user if a program was linked with the vulnerable library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0455 to this issue.
Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue.
SolutionUpdate the affected packages.