Message-ID: <20071003231102.GB10703@outflux.net>
Date: Wed, 3 Oct 2007 16:11:02 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-523-1] ImageMagick vulnerabilities
===========================================================
Ubuntu Security Notice USN-523-1 October 03, 2007
imagemagick vulnerabilities
CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988
===========================================================
A security issue affects the following Ubuntu releases:

  Ubuntu 6.06 LTS
  Ubuntu 6.10
  Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libmagick9 6:6.2.4.5-0.6ubuntu0.7

Ubuntu 6.10:
  libmagick9 7:6.2.4.5.dfsg1-0.10ubuntu0.4

Ubuntu 7.04:
  libmagick9 7:6.2.4.5.dfsg1-0.14ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Multiple vulnerabilities were found in the image decoders of ImageMagick.
If a user or automated system were tricked into processing a malicious
DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary
code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:
Updated packages for Ubuntu 7.04: