Message-ID: <20050118170035.GB9816@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-62-1] imagemagick vulnerability

===========================================================
Ubuntu Security Notice USN-62-1		   January 18, 2005
imagemagick vulnerability
CAN-2005-0005
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

imagemagick
libmagick6

The problem can be corrected by upgrading the affected package to
version 5:6.0.2.5-1ubuntu1.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Andrei Nigmatulin discovered a potential buffer overflow in the
Photoshop Document image decoding function of ImageMagick. Decoding a
malicious PSD image which specifies more than the allowed 24 channels
might result in execution of arbitrary code with the user's
privileges.

Since ImageMagick can be used in custom printing systems, this also
might lead to privilege escalation (execute code with the printer
spooler's privileges). However, Ubuntu's standard printing system does
not use ImageMagick, thus there is no risk of privilege escalation in
a standard installation.
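
The bug class described above, shown as an added example that is neither part of the advisory nor ImageMagick's code: a channel count read from the file has to be checked against the fixed 24-entry table before it is used as a loop bound. The record layout (a 16-bit count followed by 6-byte per-channel entries), the type and function names, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_CHANNELS 24   /* limit quoted in the advisory */
enum { PSD_OK = 0, PSD_TRUNCATED = -1, PSD_TOO_MANY_CHANNELS = -2 };
typedef struct { int16_t type; uint32_t size; } channel_info;
typedef struct { uint16_t channels; channel_info info[MAX_CHANNELS]; } layer_info;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Assumed layout: u16 count, then count * (i16 type, u32 size), big-endian. */
int parse_channels(const uint8_t *buf, size_t len, layer_info *out)
{
    if (len < 2) return PSD_TRUNCATED;
    uint16_t n = be16(buf);
    /* n comes from the file: bound it by the table before indexing. */
    if (n > MAX_CHANNELS) return PSD_TOO_MANY_CHANNELS;
    /* Bound it by the input too, so the reads stay inside buf. */
    if ((len - 2) / 6 < n) return PSD_TRUNCATED;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = buf + 2 + (size_t)i * 6;
        out->info[i].type = (int16_t)be16(rec);
        out->info[i].size = be32(rec + 2);
    }
    out->channels = n;
    return PSD_OK;
}

/* Constructed sample input: declares `declared` channels, writes `present`
   records (type = index, size = 256). Returns the number of bytes written. */
size_t make_record(uint8_t *dst, size_t cap, uint16_t declared, uint16_t present)
{
    size_t need = 2 + (size_t)present * 6;
    if (cap < need) return 0;
    dst[0] = (uint8_t)(declared >> 8); dst[1] = (uint8_t)(declared & 0xff);
    for (uint16_t i = 0; i < present; i++) {
        uint8_t *rec = dst + 2 + (size_t)i * 6;
        rec[0] = 0; rec[1] = (uint8_t)i;
        rec[2] = 0; rec[3] = 0; rec[4] = 1; rec[5] = 0;
    }
    return need;
}

int main(void)
{
    uint8_t buf[2 + 25 * 6]; layer_info li;
    size_t n = make_record(buf, sizeof buf, 25, 25);   /* one over the limit */
    return parse_channels(buf, n, &li) == PSD_TOO_MANY_CHANNELS ? 0 : 1;
}
```

Without the first check, the loop would write past the end of `info[]` for any declared count above 24; the second check covers a count that is within the table but larger than the data actually present.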

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3.diff.gz
      Size/MD5:   129613 75352895a302e3f3723d9cd406777f7b
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3.dsc
      Size/MD5:      874 8fd92a6825c03eec507f03c5b933ecc3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz
      Size/MD5:  6700454 207fdb75b6c106007cc483cf15e619ad

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_amd64.deb
      Size/MD5:  1366208 c2be7fe40f56510b730c8d978e15d5fa
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_amd64.deb
      Size/MD5:   226522 fa3f732d24cd647e1ace4b376f1bb7f7
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_amd64.deb
      Size/MD5:   161096 bd4a4038b4df6bec15a830142bc7ba7a
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_amd64.deb
      Size/MD5:  1519992 6d374d3d29c3e1000996999aec3b33b1
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_amd64.deb
      Size/MD5:  1167334 5f8b7b2640ba6d14b17ed0912291ddc3
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_amd64.deb
      Size/MD5:   138710 f7cef8050c694e474ccf9261378ba30f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_i386.deb
      Size/MD5:  1366118 f607e0df49c6135b5102a709bc2cdb86
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_i386.deb
      Size/MD5:   206634 55e3d9f8c4d0d7464cdbc7605af94686
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_i386.deb
      Size/MD5:   162832 c900291894be3775990daf17e592137f
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_i386.deb
      Size/MD5:  1425788 780ff037e17809b06ecdee21a39d9228
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_i386.deb
      Size/MD5:  1115830 42a211f5e1c07f4c0fd820c30c01c497
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_i386.deb
      Size/MD5:   137272 a977911d2f48337e64ab72f119f51dc2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_powerpc.deb
      Size/MD5:  1371386 9eadcc224574cbcc5a5ca9d7c82dcdc0
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_powerpc.deb
      Size/MD5:   225288 e0f72079ba0c18ae6bc31d5e85c940aa
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_powerpc.deb
      Size/MD5:   154596 add2a438f6f9635bce870a40c8577c86
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_powerpc.deb
      Size/MD5:  1660674 bb2a732f815bf30e96ac4b4557b0c595
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_powerpc.deb
      Size/MD5:  1151774 35cf821f073d7ed882a8c4c6d94365da
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_powerpc.deb
      Size/MD5:   136202 f8859166433ecc7b0bdc5ffa76ce8395