lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20041130212950.GA8663@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-35-1] imagemagick vulnerabilities

===========================================================
Ubuntu Security Notice USN-35-1		  November 30, 2004
imagemagick vulnerabilities
CAN-2004-0827
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libmagick6

The problem can be corrected by upgrading the affected package to
version 5:6.0.2.5-1ubuntu1.2.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Markus Meissner discovered several potential buffer overflows in some
image decoding functions of ImageMagick. Decoding a malicious BMP or
DIB image or AVI video might result in execution of arbitrary code
with the user's privileges.

Since imagemagick can be used in custom printing systems, this also
might lead to privilege escalation (execute code with the printer
spooler's privileges). However, Ubuntu's standard printing system does
not use imagemagick, thus there is no risk of privilege escalation in
a standard installation.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.2.diff.gz
      Size/MD5:   129147 63fe5ab147f4dba8ab2495b6c21fc5bd
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.2.dsc
      Size/MD5:      874 a6da1dc5f7ce027888f151f11ac0493c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz
      Size/MD5:  6700454 207fdb75b6c106007cc483cf15e619ad

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.2_amd64.deb
      Size/MD5:  1366096 bc4da19d516fc9ce80f57c32d69d88ef
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.2_amd64.deb
      Size/MD5:   226322 c59c82b60fa3781ccbba148fe511c9a5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.2_amd64.deb
      Size/MD5:   160862 9e53e329bfa50a7fc72ae53e360c8d51
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.2_amd64.deb
      Size/MD5:  1519752 2824a66a42730a88ecc4a2d6743d694d
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.2_amd64.deb
      Size/MD5:  1167166 e98823791906df0e7655567dc299c627
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.2_amd64.deb
      Size/MD5:   138556 894d45bd02ddb0022142590133d6c3b2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.2_i386.deb
      Size/MD5:  1366046 426f6717944ede96d9fd780fc40207db
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.2_i386.deb
      Size/MD5:   206444 ba6c5f9d5e3e7699d203a40ef9882972
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.2_i386.deb
      Size/MD5:   162718 93af40dbe8034f3966235d6b35727b71
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.2_i386.deb
      Size/MD5:  1425506 8d3eb3de23703d6fa6b12b422bad7095
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.2_i386.deb
      Size/MD5:  1115510 1b371da13b93d04345f0f5b6d90c7cb9
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.2_i386.deb
      Size/MD5:   137114 ed826eff686a450aeaa2ba51c27af79f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.2_powerpc.deb
      Size/MD5:  1371278 c32faf213bd007b37ea41ad236cabfd2
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.2_powerpc.deb
      Size/MD5:   225146 65cf965a7797ce0ca45804e1632ac896
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.2_powerpc.deb
      Size/MD5:   154478 74135a69b0062c3fc7bce3b0140d8c2f
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.2_powerpc.deb
      Size/MD5:  1660458 e67eeea3e4deaa56cffed149dc5c60a4
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.2_powerpc.deb
      Size/MD5:  1151488 d5e7e6142b9bc57dd17e34a29a4cad49
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.2_powerpc.deb
      Size/MD5:   136048 01150226f53e882d2f427a155e811005
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041130/bd8f3a8b/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ