lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050118170035.GB9816@box79162.elkhouse.de> From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-62-1] imagemagick vulnerability =========================================================== Ubuntu Security Notice USN-62-1 January 18, 2005 imagemagick vulnerability CAN-2005-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: imagemagick libmagick6 The problem can be corrected by upgrading the affected package to version 5:6.0.2.5-1ubuntu1.3. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Andrei Nigmatulin discovered a potential buffer overflow in the PhotoShop Document image decoding function of ImageMagick. Decoding a malicious PSD image which specifies more than the allowed 24 channels might result in execution of arbitrary code with the user's privileges. Since ImageMagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use ImageMagick, thus there is no risk of privilege escalation in a standard installation. Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3.diff.gz Size/MD5: 129613 75352895a302e3f3723d9cd406777f7b http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3.dsc Size/MD5: 874 8fd92a6825c03eec507f03c5b933ecc3 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz Size/MD5: 6700454 207fdb75b6c106007cc483cf15e619ad amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_amd64.deb Size/MD5: 1366208 c2be7fe40f56510b730c8d978e15d5fa http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_amd64.deb Size/MD5: 226522 fa3f732d24cd647e1ace4b376f1bb7f7 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_amd64.deb Size/MD5: 161096 bd4a4038b4df6bec15a830142bc7ba7a http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_amd64.deb Size/MD5: 1519992 6d374d3d29c3e1000996999aec3b33b1 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_amd64.deb Size/MD5: 1167334 5f8b7b2640ba6d14b17ed0912291ddc3 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_amd64.deb Size/MD5: 138710 f7cef8050c694e474ccf9261378ba30f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_i386.deb Size/MD5: 1366118 f607e0df49c6135b5102a709bc2cdb86 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_i386.deb Size/MD5: 206634 55e3d9f8c4d0d7464cdbc7605af94686 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_i386.deb Size/MD5: 162832 c900291894be3775990daf17e592137f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_i386.deb Size/MD5: 1425788 780ff037e17809b06ecdee21a39d9228 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_i386.deb Size/MD5: 1115830 42a211f5e1c07f4c0fd820c30c01c497 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_i386.deb Size/MD5: 137272 a977911d2f48337e64ab72f119f51dc2 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.3_powerpc.deb Size/MD5: 1371386 9eadcc224574cbcc5a5ca9d7c82dcdc0 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.3_powerpc.deb Size/MD5: 225288 e0f72079ba0c18ae6bc31d5e85c940aa http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.3_powerpc.deb Size/MD5: 154596 add2a438f6f9635bce870a40c8577c86 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.3_powerpc.deb Size/MD5: 1660674 bb2a732f815bf30e96ac4b4557b0c595 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.3_powerpc.deb Size/MD5: 1151774 35cf821f073d7ed882a8c4c6d94365da http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.3_powerpc.deb Size/MD5: 136202 f8859166433ecc7b0bdc5ffa76ce8395 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050118/6fb5ea19/attachment.bin
Powered by blists - more mailing lists