Message-ID: <20061128013619.GV7122@outflux.net>
Date: Mon, 27 Nov 2006 17:36:19 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-386-1] ImageMagick vulnerability
===========================================================
Ubuntu Security Notice USN-386-1 November 28, 2006
imagemagick vulnerability
CVE-2006-5868
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmagick6 6:6.2.3.4-1ubuntu1.5

Ubuntu 6.06 LTS:
  libmagick9 6:6.2.4.5-0.6ubuntu0.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Daniel Kobras discovered multiple buffer overflows in ImageMagick's SGI
file format decoder. By tricking a user or an automated system into
processing a specially crafted SGI image, this could be exploited to
execute arbitrary code with the user's privileges.
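
To confirm that hosts actually carry the fixed builds named above, the following check compares installed package versions against them using Debian's version ordering (epoch, upstream version, revision). It is an added example, not part of the original notice; the host names and installed versions in SAMPLE are constructed.

```python
import re

# Fixed versions, copied from this advisory.
FIXED = {
    "libmagick6": "6:6.2.3.4-1ubuntu1.5",    # Ubuntu 5.10
    "libmagick9": "6:6.2.4.5-0.6ubuntu0.4",  # Ubuntu 6.06 LTS
}

def _order(c):
    # dpkg ordering: '~' sorts before everything, letters before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(s):
    # Alternate non-digit and digit runs; digit runs compare as integers.
    key = [([_order(c) for c in text] + [0], int(num or 0))
           for text, num in re.findall(r"(\D*)(\d*)", s) if text or num]
    return key + [([0], 0)]  # end-of-string sentinel, sorts after '~'

def version_key(version):
    epoch, sep, rest = version.partition(":")
    if not sep:                        # no epoch written means epoch 0
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                        # no revision is treated as revision 0
        upstream, revision = rest, "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(package, installed):
    return version_key(installed) >= version_key(FIXED[package])

def audit(inventory):
    """Return the (host, package, version) rows still below the fixed version."""
    return [row for row in inventory
            if row[1] in FIXED and not is_patched(row[1], row[2])]

# Constructed sample inventory (hosts and installed versions are made up).
SAMPLE = [
    ("web-01", "libmagick6", "6:6.2.3.4-1ubuntu1.4"),
    ("web-02", "libmagick9", "6:6.2.4.5-0.6ubuntu0.4"),
    ("build-01", "libmagick9", "6:6.2.4.5-0.6ubuntu0.3"),
    ("build-02", "libmagick6", "6:6.2.3.4-1ubuntu1.10"),
]

if __name__ == "__main__":
    for host, pkg, ver in audit(SAMPLE):
        print(f"{host}: {pkg} {ver} is older than {FIXED[pkg]}")
```

Inventory data that drops the `6:` epoch will compare as older than the fixed version, so feed the check the full version string as reported by the package manager.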
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS: