Message-ID: <20060817062157.GE5168@piware.de>
Date: Thu, 17 Aug 2006 08:21:57 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-337-1] imagemagick vulnerability

=========================================================== 
Ubuntu Security Notice USN-337-1            August 16, 2006
imagemagick vulnerability
CVE-2006-4144
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libmagick6                               6:6.0.6.2-2.1ubuntu1.3

Ubuntu 5.10:
  libmagick6                               6:6.2.3.4-1ubuntu1.2

Ubuntu 6.06 LTS:
  libmagick9                               6:6.2.4.5-0.6ubuntu0.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Damian Put discovered a buffer overflow in imagemagick's SGI file
format decoder. By tricking a user or automated system into
processing a specially crafted SGI image, this could be exploited to
execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


