Message-ID: <20050523115611.GC7667@piware.de>
Date: Mon, 23 May 2005 13:56:11 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-132-1] ImageMagick vulnerabilities

===========================================================
Ubuntu Security Notice USN-132-1	       May 23, 2005
imagemagick vulnerabilities
CAN-2005-1275
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libmagick6

The problem can be corrected by upgrading the affected package to
version 5:6.0.2.5-1ubuntu1.5 (for Ubuntu 4.10), or
6:6.0.6.2-2.1ubuntu1.1 (for Ubuntu 5.04).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

Damian Put discovered a buffer overflow in the PNM image decoder.
Processing a specially crafted PNM file with a small "colors" value
resulted in a crash of the application that used the ImageMagick
library. (CAN-2005-1275)

Another Denial of Service vulnerability was found in the XWD decoder.
Specially crafted invalid color masks resulted in an infinite loop
which caused the application using the ImageMagick library to stop
working and use all available CPU resources.
(http://bugs.gentoo.org/show_bug.cgi?id=90423)


Updated packages for Ubuntu 4.10 (Warty Warthog):


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

