Message-ID: <20060906094610.GH4938@piware.de>
Date: Wed, 6 Sep 2006 11:46:10 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-340-1] imagemagick vulnerabilities
===========================================================
Ubuntu Security Notice USN-340-1 September 06, 2006
imagemagick vulnerabilities
CVE-2006-3743, CVE-2006-3744
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libmagick6  6:6.0.6.2-2.1ubuntu1.4

Ubuntu 5.10:
  libmagick6  6:6.2.3.4-1ubuntu1.3

Ubuntu 6.06 LTS:
  libmagick9  6:6.2.4.5-0.6ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered several buffer overflows in imagemagick's Sun
Raster and XCF (GIMP) image decoders. By tricking a user or automated
system into processing a specially crafted image, this could be
exploited to execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 5.04:
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS: