[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1CTzjD-000oivC__10088.5718864904$1100625150$gmane$org@finlandia.Infodrom.North.DE>
Date: Tue, 16 Nov 2004 10:34:23 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 593-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
November 16th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : imagemagick
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0981
Debian Bug : 278401
A vulnerability has been reported for ImageMagick, a commonly used
image manipulation library. Due to a boundary error within the EXIF
parsing routine, a specially crafted graphic images could lead to the
execution of arbitrary code.
For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody4.
For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.5.
We recommend that you upgrade your imagemagick packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4.dsc
Size/MD5 checksum: 852 c053f06bcb00f7cc722814ece4c99462
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4.diff.gz
Size/MD5 checksum: 15309 bb1ec78c190677ceb5311ffe167b8184
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07
Alpha architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_alpha.deb
Size/MD5 checksum: 1309792 f3e20f97b3a081cd3e73675c2131a345
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_alpha.deb
Size/MD5 checksum: 154144 4b8abf5400526b55d41b6a23a747740d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_alpha.deb
Size/MD5 checksum: 56232 d6be366bdb42ff918de236b42e5fc03e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_alpha.deb
Size/MD5 checksum: 833420 811a90a17be12877a5352474b4ff50b0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_alpha.deb
Size/MD5 checksum: 67276 ea7ecc0c685293d0bfe90d7d5eec5eae
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_alpha.deb
Size/MD5 checksum: 113786 896b92eda8b1572090c28f7781617bcb
ARM architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_arm.deb
Size/MD5 checksum: 1297076 1480d317943ebd0d62af4e91cb70e8bc
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_arm.deb
Size/MD5 checksum: 118678 9bd22b4793a02f7d55178093950f2af1
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_arm.deb
Size/MD5 checksum: 56272 dced3c2b19dadc4a9269ca8694a9fb17
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_arm.deb
Size/MD5 checksum: 898586 0603ac9d5290dad892eb26cc9d3f5f9c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_arm.deb
Size/MD5 checksum: 67312 332b1462e38cab79c3baf075124f0a52
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_arm.deb
Size/MD5 checksum: 109900 d5c8d8247af36dbf8e6d38343b451c0b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_i386.deb
Size/MD5 checksum: 1295130 5c546d50eb6a1c1597c491849a74ba00
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_i386.deb
Size/MD5 checksum: 122766 a778e5be49e9a22fea94f6a6d83f7035
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_i386.deb
Size/MD5 checksum: 56254 2758908cfe92661e70e3def07595126a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_i386.deb
Size/MD5 checksum: 772498 17eb974bb841ad4332e1ebbc800f7ce2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_i386.deb
Size/MD5 checksum: 67296 f1c482c8e6a2e0dda18d9fd69120f8f2
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_i386.deb
Size/MD5 checksum: 106912 3a35af388be49b0978665202a1ec7e66
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_ia64.deb
Size/MD5 checksum: 1336172 10c0e32424a9dca3d3cd66779921022f
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_ia64.deb
Size/MD5 checksum: 137042 d499c76fb08bfb8c63bf89384f297bf7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_ia64.deb
Size/MD5 checksum: 56222 c0e9c7c41e6cb6f0097f979373b6a895
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_ia64.deb
Size/MD5 checksum: 1359968 58957910d3e927d2f0c41db825db19d5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_ia64.deb
Size/MD5 checksum: 67260 1ab111e57700c86384f02b98e7be823e
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_ia64.deb
Size/MD5 checksum: 132904 55f936250c3cf6859dc38cfce35df9a6
HP Precision architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_hppa.deb
Size/MD5 checksum: 1297346 930d77ec6653cd705af67d47f1090d32
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_hppa.deb
Size/MD5 checksum: 132850 d5988feb87c126dcab6df72e6e590545
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_hppa.deb
Size/MD5 checksum: 56270 3395e0bbce4bc6092fc81a1fe1193bc2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_hppa.deb
Size/MD5 checksum: 859724 56b6e89439f151f21001e345340248a4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_hppa.deb
Size/MD5 checksum: 67328 c88fc994c5ed2c6fed15685fdd78758f
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_hppa.deb
Size/MD5 checksum: 117164 30cd8726f73026a2e20c8efe04c528a9
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_m68k.deb
Size/MD5 checksum: 1292548 8d360c360fbb9c477cd0ae1aca69448e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_m68k.deb
Size/MD5 checksum: 134004 5d597e8f01686d39f1a852b248487b59
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_m68k.deb
Size/MD5 checksum: 56300 3160b3dae3facf978d1176957b95af68
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_m68k.deb
Size/MD5 checksum: 751758 83cc438c729286babb7ac84346f07654
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_m68k.deb
Size/MD5 checksum: 67332 d13d7618bbce5050e8d05bfaa5ab6498
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_m68k.deb
Size/MD5 checksum: 107408 6e3b040f07982b2fd3f1d0f83ec02f8d
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_mips.deb
Size/MD5 checksum: 1294866 2e4bd7d79951377b4da399738fe88a77
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_mips.deb
Size/MD5 checksum: 120252 7c69c8cbae8f03add859573edfe3e241
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_mips.deb
Size/MD5 checksum: 56276 3a8ff5352159ddfb8b2d32641acdd625
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_mips.deb
Size/MD5 checksum: 733000 30b1e4b7c930878890553ef6a441ca09
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_mips.deb
Size/MD5 checksum: 67326 6bc5cdbfe033642b3a27baeafb31f300
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_mips.deb
Size/MD5 checksum: 103322 7075ae9b234bc564631b67661736e543
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_mipsel.deb
Size/MD5 checksum: 1294860 33b3593e696a9aff9dac216778fea431
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_mipsel.deb
Size/MD5 checksum: 113820 a81bf3b33cd7abddb1335ab61be0c4dc
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_mipsel.deb
Size/MD5 checksum: 56302 e1f179a6be8c7781eba49e0c25d1013e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_mipsel.deb
Size/MD5 checksum: 721030 2dd79a60f0e8a46dee376cbe79b78b8d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_mipsel.deb
Size/MD5 checksum: 67322 a8e370ec24fcb00d8b585837034502e5
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_mipsel.deb
Size/MD5 checksum: 102868 ac84fdb646eace65d69208bb522a3976
PowerPC architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_powerpc.deb
Size/MD5 checksum: 1291426 205981d0b3cd47699602d1ecb8636fb4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_powerpc.deb
Size/MD5 checksum: 135900 4908551a03f72d05f4d34f2bf767fcdd
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_powerpc.deb
Size/MD5 checksum: 56268 8c3150906852c56a2cce8ebb20292e84
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_powerpc.deb
Size/MD5 checksum: 786006 39b95827036f22e43245489944294bb8
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_powerpc.deb
Size/MD5 checksum: 67304 9eb67cfc99e2632453c9335d7688ca6f
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_powerpc.deb
Size/MD5 checksum: 111908 369ae1547d021b06c865e107db68c1bc
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_s390.deb
Size/MD5 checksum: 1292148 b018542967462dfb08559ee8ca413af0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_s390.deb
Size/MD5 checksum: 132004 366eca80ee3ae6e97e75c346298dfa4e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_s390.deb
Size/MD5 checksum: 56256 b50d9cda59825fb64ce17d42e6862c21
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_s390.deb
Size/MD5 checksum: 777968 b51017dcfc2106b458af6fd3f0f1e5c0
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_s390.deb
Size/MD5 checksum: 67304 5884f688ddd0dd60eb44cf609c79b0c2
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_s390.deb
Size/MD5 checksum: 108956 0a1a43eb74ac289387783e32c85fb15b
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_sparc.deb
Size/MD5 checksum: 1295192 ecc31b2bf9f87175011f42517406449b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_sparc.deb
Size/MD5 checksum: 123844 506d5252bd0b53224f358eef3cfc0808
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_sparc.deb
Size/MD5 checksum: 56262 1c5766ed3e5e2a2ed57bf2394481e23d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_sparc.deb
Size/MD5 checksum: 802610 ed2a8842b6612e96682f13e28fa74f96
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_sparc.deb
Size/MD5 checksum: 67312 a640d03d461769bb0c23f1a77003ef1d
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_sparc.deb
Size/MD5 checksum: 112880 93033756bee95ec9523d427e6813782d
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBmcmfW5ql+IAeqTIRAul8AJ0e5dY/HcW4eILJWkl29l/50y7enACfZuOx
/kB5O6El6qbIzyYEndt9XSM=
=KoeR
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists