[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060817062157.GE5168@piware.de>
Date: Thu, 17 Aug 2006 08:21:57 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-337-1] imagemagick vulnerability
===========================================================
Ubuntu Security Notice USN-337-1 August 16, 2006
imagemagick vulnerability
CVE-2006-4144
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libmagick6 6:6.0.6.2-2.1ubuntu1.3
Ubuntu 5.10:
libmagick6 6:6.2.3.4-1ubuntu1.2
Ubuntu 6.06 LTS:
libmagick9 6:6.2.4.5-0.6ubuntu0.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Damian Put discovered a buffer overflow in imagemagick's SGI file
format decoder. By tricking an user or automated system into
processing a specially crafted SGI image, this could be exploited to
execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.3.diff.gz
Size/MD5: 142677 fd571adfe56408f991b2c816017cf99a
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.3.dsc
Size/MD5: 899 03499d79b2598188aeed4d675a781621
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
Size/MD5: 6824001 477a361ba0154cc2423726fab4a3f57c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.3_amd64.deb
Size/MD5: 1466446 951c781851cb2023629084c320f27f31
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.3_amd64.deb
Size/MD5: 228950 2ae0b0323dd8d49423ccc99d5293509f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.3_amd64.deb
Size/MD5: 163766 32b42d2a5886308665b81757e7cc9fea
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.3_amd64.deb
Size/MD5: 1550996 b8c5784d2a408c51976a51efb64b91cb
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.3_amd64.deb
Size/MD5: 1195008 3a44a8aa41e632c0165bb92417ec8e8e
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.3_amd64.deb
Size/MD5: 231998 fb35a4c87a61fd940bad44e1ac252bc6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.3_i386.deb
Size/MD5: 1465132 ac647b62c6e5f9e34771c53ea4f95b3a
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.3_i386.deb
Size/MD5: 209004 090e70f26210c13b757f22e92b4a7715
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.3_i386.deb
Size/MD5: 164444 028ef96e5345d9ff5076ffdca282f7cf
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.3_i386.deb
Size/MD5: 1453742 f22685b0fa9c4a95c75c18e86da2f6f7
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.3_i386.deb
Size/MD5: 1140388 23dee77028dcadda74f88e593f74667f
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.3_i386.deb
Size/MD5: 232380 2069490a09127e7716e07db3388fcd5e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.3_powerpc.deb
Size/MD5: 1471902 e0e5b999a4855b1e68025ea1ae0ed6bd
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.3_powerpc.deb
Size/MD5: 227950 c9b575d8457e3959ddba0dd10702c6c4
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.3_powerpc.deb
Size/MD5: 156916 de040332421f78eb8b9ce9990d9bef6e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.3_powerpc.deb
Size/MD5: 1685878 d5aebf65a7ae1e6281ccad831c0a7e4c
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.3_powerpc.deb
Size/MD5: 1169788 b5defbd03f07d943029244120ae3c2d0
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.3_powerpc.deb
Size/MD5: 270738 60bc3332ec1b6c371e0fa38798968776
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.2.diff.gz
Size/MD5: 142085 7b973398b10d82e4fdb7be54445622e4
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.2.dsc
Size/MD5: 899 2f7b1b60ea31054cf86e1accd4a8c535
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4.orig.tar.gz
Size/MD5: 5769194 7e9a3edd467a400a74126eb4a18e31ef
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.2_amd64.deb
Size/MD5: 1333828 402c5bb86216403a41d90eb3f50c3f9e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.2_amd64.deb
Size/MD5: 259204 19feb46464c2e7767a93e0718ece6b5e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.2_amd64.deb
Size/MD5: 171276 397c42b13ca901fbc8206a658d9e1b0b
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.2_amd64.deb
Size/MD5: 1670248 a58147070a17de32543ea27e86296c97
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.2_amd64.deb
Size/MD5: 1320174 66faa4b1c3a5d728d5452cdf8cab677d
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.2_amd64.deb
Size/MD5: 169260 7414698558a84813a6eb8adc6a6a9ff1
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.2_i386.deb
Size/MD5: 1332758 331c360e7294118a3050b6c580f239d2
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.2_i386.deb
Size/MD5: 235606 77a528c49d267b58012325b95b95523a
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.2_i386.deb
Size/MD5: 170498 75d10d65910d7e9d3154055e3c4eb1c9
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.2_i386.deb
Size/MD5: 1521498 dd23d471046d8f8b982a449855128451
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.2_i386.deb
Size/MD5: 1223932 a1e841bb95b79a0631f85fc1a4417b8d
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.2_i386.deb
Size/MD5: 164586 ca6858f8f25c20cf595ba5c67ec5e457
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.2_powerpc.deb
Size/MD5: 1337520 21e4af590f132720b28fbb7801ca438c
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.2_powerpc.deb
Size/MD5: 260106 09071a2b088d7bc3b1dae6fc1aff1853
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.2_powerpc.deb
Size/MD5: 163746 fdbd89a612677917ce7aa593496732ce
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.2_powerpc.deb
Size/MD5: 1873692 cea3f005f04ccdca23794df31635eef6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.2_powerpc.deb
Size/MD5: 1257712 6ffa12effbf8a79609eb8a607ed17011
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.2_powerpc.deb
Size/MD5: 163730 001f9604308b314a0b73ef292ab46c67
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.2_sparc.deb
Size/MD5: 1332974 3cf85ba36a8ff1a29cf4ed8291e1c6c8
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.2_sparc.deb
Size/MD5: 236742 51e90aed374892c075b71ccc8c190d8e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.2_sparc.deb
Size/MD5: 168570 df4a23e51a57e81c720780cef8008c42
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.2_sparc.deb
Size/MD5: 1781720 2c6e2b5d2a4cb72fb48ee43b006f6a80
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.2_sparc.deb
Size/MD5: 1323248 820b125811aceb6254c91619ccee28da
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.2_sparc.deb
Size/MD5: 166050 52e45dbd665d7cfa99c86751074fb6bf
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.1.diff.gz
Size/MD5: 33405 9a7333ad2f858b0f4083454bea41fd29
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.1.dsc
Size/MD5: 916 d13b569997564965e8a38027d6a0baad
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz
Size/MD5: 6085147 8d790a280f355489d0cfb6d36ce6751f
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.1_amd64.deb
Size/MD5: 1615680 69c1b5e2a368a2815bbea930c6b16252
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.1_amd64.deb
Size/MD5: 249044 32d1db6495f67b72a0677045e78ffe1e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.1_amd64.deb
Size/MD5: 169968 a6d4579db19d4071a9a1fe0f34bc3c72
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.1_amd64.deb
Size/MD5: 1701710 8c21c485e94c8d81825afc4ef7a818f2
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.1_amd64.deb
Size/MD5: 1347256 7230a771c47d3c6fa10badb9a73c78f4
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.1_amd64.deb
Size/MD5: 171570 ec88df84e25772a2ce62072c69804f59
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.1_i386.deb
Size/MD5: 1614438 a5cf3ad68425e26344c2f19641bcbc60
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.1_i386.deb
Size/MD5: 226744 fb3b93cdadc5780e22e7236d7ccac921
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.1_i386.deb
Size/MD5: 167962 9345792bd76fd8424d6f89a58a9097a0
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.1_i386.deb
Size/MD5: 1555220 2d9570bf3abc226ca92897cdef24705e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.1_i386.deb
Size/MD5: 1246256 d914887f1bb4288e002a0b511067f235
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.1_i386.deb
Size/MD5: 166952 93f3889de4c7b8fbc4ba54ba27287e28
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.1_powerpc.deb
Size/MD5: 1619400 65c17bd1137517aa5e5a0f26d78647ba
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.1_powerpc.deb
Size/MD5: 251182 72a7340ebe060b2f629b77ce2c04cbee
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.1_powerpc.deb
Size/MD5: 162052 f66d02bdcc0a0192f904d6eb3ab3572a
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.1_powerpc.deb
Size/MD5: 1905114 c35174459aac69cbb71d940aefad7907
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.1_powerpc.deb
Size/MD5: 1283172 78487bcc3bdcf4fbdf6b5f79ede47b22
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.1_powerpc.deb
Size/MD5: 165948 d1571d99fc1d4409654d6593d9d1b53b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.1_sparc.deb
Size/MD5: 1615006 5df74bd1f2cb4b95d3678cc002147b60
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.1_sparc.deb
Size/MD5: 228940 446764f3422c267060b1641ba3d8c283
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.1_sparc.deb
Size/MD5: 166876 443b722a2b9611bc56c80837b2f136a5
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.1_sparc.deb
Size/MD5: 1807002 1a8632bec32036edf891741a4d74e73e
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.1_sparc.deb
Size/MD5: 1342918 0dfb85040b849e217481b73f3a7fd071
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.1_sparc.deb
Size/MD5: 168660 64db6bc04cb5ca2f73988d1670a9193e
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists