Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-7-1: imagemagick vulnerability
Posted by Philipp Esselbach on: 10/27/2004 03:40 AM [ Print | 0 comment(s) ]
An imagemagick security update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-7-1 October 27, 2004
imagemagick vulnerability
CAN-2004-0981
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libmagick6
The problem can be corrected by upgrading the affected package to version 5:6.0.2.5-1ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
==========================================================
Ubuntu Security Notice USN-7-1 October 27, 2004
imagemagick vulnerability
CAN-2004-0981
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libmagick6
The problem can be corrected by upgrading the affected package to version 5:6.0.2.5-1ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.
Since imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1.diff.gz
Size/MD5: 128252 ec2de08007787f6dceb8048fa381c269
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1.dsc
Size/MD5: 874 fbd1bde2b883b5e1f6d3c3608baf97f2
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz
Size/MD5: 6700454 207fdb75b6c106007cc483cf15e619ad
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 1365882 4a7e2a576a514058945e26a1fbfbaf61
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 226096 8a0cb4adfa863f7917494539793cad37
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 160490 58a31d1a58a09e11135d6864afe07dd6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 1518994 1e261e47415a33e272c906c69b72be9f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 1166704 334a3099dce3e9ca8aa5b450452339a9
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 138348 9e58147cb448c7cb74916f5ff5638c52
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 1365782 da2ebba8bac45b8fb83033aa7d530c57
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 206254 9f762b26048e7ad4dc208834f6d77312
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 162540 eb64e055ba51901960dde16af468bbdc
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 1425038 e50228507fdfbefcd6176b756040bca4
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 1115170 8af906dc32e2dee6a5c171dc0444557f
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 136900 41773f2582175646942845dc28c44011
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1371144 f0d39986f275d1119268da7affcc34e3
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 224970 15be8f07f8a697d6665f27d504dba9f1
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 154292 386fca02c1a14d5e5376c1dde3b3cdbb
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1659816 15078f23f6626d1ccb01ad6d2f6f58d6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1151174 0d4aa571620cf6c27f6b5deaf392887c
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 135840 4b5d9556339726e1cb277abd0c2692f6
A buffer overflow in imagemagick's EXIF parsing routine has been discovered in imagemagick versions prior to 6.1.0. Trying to query EXIF information of a malicious image file might result in execution of arbitrary code with the user's privileges.
Since imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use imagemagick, thus there is no risk of privilege escalation in a standard installation.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1.diff.gz
Size/MD5: 128252 ec2de08007787f6dceb8048fa381c269
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1.dsc
Size/MD5: 874 fbd1bde2b883b5e1f6d3c3608baf97f2
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz
Size/MD5: 6700454 207fdb75b6c106007cc483cf15e619ad
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 1365882 4a7e2a576a514058945e26a1fbfbaf61
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 226096 8a0cb4adfa863f7917494539793cad37
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 160490 58a31d1a58a09e11135d6864afe07dd6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 1518994 1e261e47415a33e272c906c69b72be9f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 1166704 334a3099dce3e9ca8aa5b450452339a9
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.1_amd64.deb
Size/MD5: 138348 9e58147cb448c7cb74916f5ff5638c52
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 1365782 da2ebba8bac45b8fb83033aa7d530c57
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 206254 9f762b26048e7ad4dc208834f6d77312
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 162540 eb64e055ba51901960dde16af468bbdc
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 1425038 e50228507fdfbefcd6176b756040bca4
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 1115170 8af906dc32e2dee6a5c171dc0444557f
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.1_i386.deb
Size/MD5: 136900 41773f2582175646942845dc28c44011
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1371144 f0d39986f275d1119268da7affcc34e3
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 224970 15be8f07f8a697d6665f27d504dba9f1
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 154292 386fca02c1a14d5e5376c1dde3b3cdbb
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1659816 15078f23f6626d1ccb01ad6d2f6f58d6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1151174 0d4aa571620cf6c27f6b5deaf392887c
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.1_powerpc.deb
Size/MD5: 135840 4b5d9556339726e1cb277abd0c2692f6
