Message-ID: <m1CTzjD-000oivC__10088.5718864904$1100625150$gmane$org@finlandia.Infodrom.North.DE>
Date: Tue, 16 Nov 2004 10:34:23 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 593-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
November 16th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0981
Debian Bug     : 278401

A vulnerability has been reported for ImageMagick, a commonly used
image manipulation library.  Due to a boundary error within the EXIF
parsing routine, a specially crafted graphic image could lead to the
execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody4.

For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.5.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBmcmfW5ql+IAeqTIRAul8AJ0e5dY/HcW4eILJWkl29l/50y7enACfZuOx
/kB5O6El6qbIzyYEndt9XSM=
=KoeR
-----END PGP SIGNATURE-----


