English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-5
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 08 Feb 2007
 Last revised: 08 Feb 2007

 Package : ImageMagick

 Summary : Multiple buffer overflow

 More information :
    ImageMagick(TM) is an image display and manipulation tool for the X Window System.  
    ImageMagick can read and write JPEG, TIFF, PNM, GIF and Photo CD image file formats.

    Multiple buffer overflows in ImageMagick,user-assisted attackers to execute arbitrary
    code via crafted XCF images.
    Multiple integer overflows in ImageMagick, user-assisted attackers to execute arbitrary 
    code via crafted Sun  Rasterfile (bitmap) images.
    Integer overflow in the ReadSGIImage function.
    Multiple buffer overflows in Imagemagick has unknown impact and user-assisted attack 
    vectors via a crafted SGI image.

 Impact :
    These vulnerabilities may allow remote attackers to execute arbitrary code via a 
    malformed image or video file in AVI or BMP formats.

  Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   ImageMagick-6.0.5-12.src.rpm
      7518273 8d6c549c482b5bb5c97b0c55e8075ccd

   Binary Packages
   Size: MD5

   ImageMagick-6.0.5-12.i586.rpm
      4365962 9846a0f65fec9be3d42b465556ed4509
   ImageMagick-devel-6.0.5-12.i586.rpm
       786270 97e1c1600b7cf9f450f7564c6e5f8339

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ImageMagick-6.2.3-5.src.rpm
      6429219 435e43fecf007acda9dbe1063a748811

   Binary Packages
   Size: MD5

   ImageMagick-6.2.3-5.i686.rpm
      2972843 d53a97aa1823404dddfaddc80c343ca3
   ImageMagick-c++-6.2.3-5.i686.rpm
       337097 11ac2396fa592c075f1923cf3ad8586f
   ImageMagick-devel-6.2.3-5.i686.rpm
       992994 a2c1f2680cbac43541419d249765e36f
   ImageMagick-perl-6.2.3-5.i686.rpm
       101992 f280c07605553b71932c470722e736f2

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/ImageMagick-6.0.5-12.src.rpm
      7518273 78c9c2e771b7ee0ce88543f419c85490

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ImageMagick-6.0.5-12.x86_64.rpm
      4388803 58b253bf1c08a2bab2d9aad64d58703b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ImageMagick-c++-6.0.5-12.x86_64.rpm
       318615 bda199bd681f920d7c57ff536077fecb
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ImageMagick-devel-6.0.5-12.x86_64.rpm
       801913 9edbafc98e20e8b4b7568865d8239861
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/ImageMagick-perl-6.0.5-12.x86_64.rpm
        74830 32d1826a26775102fbad88c47008e7b8

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/ImageMagick-6.0.5-12.src.rpm
      7518273 8d6c549c482b5bb5c97b0c55e8075ccd

   Binary Packages
   Size: MD5

   ImageMagick-6.0.5-12.i586.rpm
      4365962 9846a0f65fec9be3d42b465556ed4509
   ImageMagick-devel-6.0.5-12.i586.rpm
       786270 97e1c1600b7cf9f450f7564c6e5f8339

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-6.0.5-12.src.rpm
      7518273 f0fabbe1fe5a878a72fbc16cb702c902

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-6.0.5-12.i586.rpm
      4373588 e210d4b1ee1c506226cb2d70e69997d3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-6.0.5-12.i586.rpm
       784758 2c44585b55c85832090708423712dbd7

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-8.src.rpm
      3622245 d90ae692343bc7dc97d47a5fe8ff005b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-8.i586.rpm
      3213142 25eddfd8aa73a6e44e02598f7626ee2a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-8.i586.rpm
      1392832 6a00cc2e2fd46312d9307de50a71c878
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-8.i586.rpm
       856289 c34bdd842b5d7078713d1c867dc14727
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-8.i586.rpm
        60734 2d961e5b6a9f494d522223550bb60a1e


 References:

 CVE
   [CVE-2006-3743]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
   [CAN-2006-3744]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-3744
   [CVE-2006-4144]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144
   [CVE-2006-5456]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
   [CVE-2006-5868]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5868

 --------------------------------------------------------------------------
 Revision History
    08 Feb 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFFyxMEK0LzjOqIJMwRArhuAKCinikhdTMniKxOGKMXh5OtDszNxgCeOAya
DX74jzkm5jobwcrAqVS2MTk=
=wcxV
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.