Message-ID: <20050523115611.GC7667@piware.de>
Date: Mon May 23 12:56:18 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-132-1] ImageMagick vulnerabilities
===========================================================
Ubuntu Security Notice USN-132-1               May 23, 2005
imagemagick vulnerabilities
CAN-2005-1275
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libmagick6

The problem can be corrected by upgrading the affected package to
version 5:6.0.2.5-1ubuntu1.5 (for Ubuntu 4.10), or
6:6.0.6.2-2.1ubuntu1.1 (for Ubuntu 5.04). In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

Damian Put discovered a buffer overflow in the PNM image decoder.
Processing a specially crafted PNM file with a small "colors" value
resulted in a crash of the application that used the ImageMagick
library. (CAN-2005-1275)

Another Denial of Service vulnerability was found in the XWD decoder.
Specially crafted invalid color masks resulted in an infinite loop
which caused the application using the ImageMagick library to stop
working and use all available CPU resources.
(http://bugs.gentoo.org/show_bug.cgi?id=90423)
Updated packages for Ubuntu 4.10 (Warty Warthog):
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
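Added example (not part of the original notice): a check of an installed libmagick6 version against the fixed versions the notice names, using Debian version ordering so that the 5: and 6: epochs are honoured. The comparison routine is a reimplementation written for this example, and the inventory rows are constructed; on a Debian or Ubuntu host `dpkg --compare-versions` is the authoritative tool.

```python
import re
from itertools import zip_longest

# Fixed libmagick6 versions as stated in the notice, keyed by Ubuntu release.
FIXED = {"4.10": "5:6.0.2.5-1ubuntu1.5", "5.04": "6:6.0.6.2-2.1ubuntu1.1"}

def _order(c):
    # Ordering inside non-digit runs: '~' first, then letters, then the rest.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Split into (non-digit run, number) pairs; the trailing 0 marks end of run
    # so that '~' (-1) sorts before it and every other character after it.
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; missing epoch is 0, missing revision is "0".
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(release, installed):
    """'patched' if installed libmagick6 is at or above the notice's fixed version."""
    return "patched" if compare(installed, FIXED[release]) >= 0 else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory rows: (release, installed libmagick6 version).
    for row in [("4.10", "5:6.0.2.5-1ubuntu1.4"), ("5.04", "6:6.0.6.2-2.1ubuntu1.1")]:
        print(*row, status(*row))
```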