[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050118170035.GB9816@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-62-1] imagemagick vulnerability
===========================================================
Ubuntu Security Notice USN-62-1 January 18, 2005
imagemagick vulnerability
CAN-2005-0005
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
imagemagick
libmagick6
The problem can be corrected by upgrading the affected package to
version 5:6.0.2.5-1ubuntu1.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Andrei Nigmatulin discovered a potential buffer overflow in the
PhotoShop Document image decoding function of ImageMagick. Decoding a
malicious PSD image which specifies more than the allowed 24 channels
might result in execution of arbitrary code with the user's
privileges.
Since ImageMagick can be used in custom printing systems, this also
might lead to privilege escalation (execute code with the printer
spooler's privileges). However, Ubuntu's standard printing system does
not use ImageMagick, thus there is no risk of privilege escalation in
a standard installation.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3.diff.gz
Size/MD5: 129613 75352895a302e3f3723d9cd406777f7b
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3.dsc
Size/MD5: 874 8fd92a6825c03eec507f03c5b933ecc3
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz
Size/MD5: 6700454 207fdb75b6c106007cc483cf15e619ad
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_amd64.deb
Size/MD5: 1366208 c2be7fe40f56510b730c8d978e15d5fa
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_amd64.deb
Size/MD5: 226522 fa3f732d24cd647e1ace4b376f1bb7f7
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_amd64.deb
Size/MD5: 161096 bd4a4038b4df6bec15a830142bc7ba7a
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_amd64.deb
Size/MD5: 1519992 6d374d3d29c3e1000996999aec3b33b1
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_amd64.deb
Size/MD5: 1167334 5f8b7b2640ba6d14b17ed0912291ddc3
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_amd64.deb
Size/MD5: 138710 f7cef8050c694e474ccf9261378ba30f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_i386.deb
Size/MD5: 1366118 f607e0df49c6135b5102a709bc2cdb86
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_i386.deb
Size/MD5: 206634 55e3d9f8c4d0d7464cdbc7605af94686
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_i386.deb
Size/MD5: 162832 c900291894be3775990daf17e592137f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_i386.deb
Size/MD5: 1425788 780ff037e17809b06ecdee21a39d9228
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_i386.deb
Size/MD5: 1115830 42a211f5e1c07f4c0fd820c30c01c497
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_i386.deb
Size/MD5: 137272 a977911d2f48337e64ab72f119f51dc2
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_powerpc.deb
Size/MD5: 1371386 9eadcc224574cbcc5a5ca9d7c82dcdc0
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_powerpc.deb
Size/MD5: 225288 e0f72079ba0c18ae6bc31d5e85c940aa
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_powerpc.deb
Size/MD5: 154596 add2a438f6f9635bce870a40c8577c86
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_powerpc.deb
Size/MD5: 1660674 bb2a732f815bf30e96ac4b4557b0c595
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_powerpc.deb
Size/MD5: 1151774 35cf821f073d7ed882a8c4c6d94365da
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_powerpc.deb
Size/MD5: 136202 f8859166433ecc7b0bdc5ffa76ce8395
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050118/6fb5ea19/attachment.bin
Powered by blists - more mailing lists