Message-Id: <1228151468.9860.3.camel@mdlinux.technorage.com>
Date: Mon, 01 Dec 2008 12:11:08 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-681-1] ImageMagick vulnerability
===========================================================
Ubuntu Security Notice USN-681-1 December 01, 2008
imagemagick vulnerability
CVE-2008-1096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
imagemagick 6:6.2.4.5-0.6ubuntu0.8

Ubuntu 7.10:
imagemagick 7:6.2.4.5.dfsg1-2ubuntu1.1
After a standard system upgrade you need to restart any applications that
use ImageMagick, such as OpenOffice.org and Inkscape, to effect the
necessary changes.
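
Upgrading the package replaces the library on disk, but a process started earlier keeps the old copy mapped until it is restarted; Linux marks such mappings `(deleted)` in `/proc/<pid>/maps`. The following is an added example, not part of the advisory, that lists processes still running the old ImageMagick code; the match on `libmagick` in the file name and the sample paths are assumptions.

```python
import os
import re

# One /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\d+\s+(?P<path>/.*)$")
DELETED = " (deleted)"

def stale_magick_maps(maps_text):
    """Paths of ImageMagick libraries mapped from a file since replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or not m.group("path").endswith(DELETED):
            continue
        path = m.group("path")[:-len(DELETED)]
        # Assumption: library file names contain "libmagick", as the package names do.
        if "libmagick" in os.path.basename(path).lower():
            stale.add(path)
    return sorted(stale)

def scan_proc(proc="/proc"):
    """Map pid -> stale ImageMagick libraries for every readable process."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                hits = stale_magick_maps(fh.read())
        except OSError:          # process exited, or not ours to read
            continue
        if hits:
            found[int(pid)] = hits
    return found

# Constructed sample: a process started before the upgrade (paths are illustrative).
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 08:01 131 /usr/bin/display
b7a00000-b7b4a000 r-xp 00000000 08:01 977 /usr/lib/libMagick.so.9.0.0 (deleted)
b7b4a000-b7b60000 rw-p 0014a000 08:01 977 /usr/lib/libMagick.so.9.0.0 (deleted)
b7c00000-b7d30000 r-xp 00000000 08:01 412 /lib/libc-2.6.1.so
bf9e0000-bfa00000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run it as root to see other users' processes; any pid it reports is still executing the pre-upgrade library and needs a restart.
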

Details follow:

It was discovered that ImageMagick did not correctly handle certain
malformed XCF images. If a user were tricked into opening a specially
crafted image with an application that uses ImageMagick, an attacker
could cause a denial of service and possibly execute arbitrary code with
the user's privileges.