[USN-422-1] ImageMagick vulnerabilities
Kees Cook
kees at ubuntu.com
Thu Feb 15 21:11:14 UTC 2007
===========================================================
Ubuntu Security Notice USN-422-1 February 15, 2007
imagemagick vulnerabilities
CVE-2006-5456, CVE-2007-0770
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmagick6 6:6.2.3.4-1ubuntu1.6

Ubuntu 6.06 LTS:
  libmagick9 6:6.2.4.5-0.6ubuntu0.5

Ubuntu 6.10:
  libmagick9 7:6.2.4.5.dfsg1-0.10ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released
in USN-372-1, did not correctly solve the original flaw in PALM image
handling. By tricking a user into processing a specially crafted image
with an application that uses imagemagick, an attacker could execute
arbitrary code with the user's privileges.
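
A way to check an installed library version against the fixed versions
listed above, as an added example that is not part of the original
advisory: it implements Debian's version ordering (epoch, upstream
version, revision), so the 6: and 7: epochs and multi-digit revision
numbers compare correctly. The function names and the sample installed
versions in the comments are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisory: release -> (package, version).
FIXED = {
    "5.10": ("libmagick6", "6:6.2.3.4-1ubuntu1.6"),
    "6.06": ("libmagick9", "6:6.2.4.5-0.6ubuntu0.5"),
    "6.10": ("libmagick9", "7:6.2.4.5.dfsg1-0.10ubuntu0.2"),
}

def _order(c):
    # Debian ordering: '~' sorts before everything (even end of string),
    # letters sort before punctuation, end of a run counts as 0.
    if not c:
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs; digit runs compare as integers.
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a),
                       re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (text_a, num_a), (text_b, num_b) in runs:
        for ca, cb in zip_longest(text_a, text_b, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        na, nb = int(num_a or 0), int(num_b or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(version):
    # [epoch:]upstream[-revision]; a missing epoch is 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    # Returns -1, 0 or 1, like a classic three-way comparison.
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    # e.g. is_patched("5.10", "6:6.2.3.4-1ubuntu1.5") with a constructed value
    return compare(installed, FIXED[release][1]) >= 0
```

On the affected host itself, `dpkg --compare-versions <installed> ge <fixed>`
performs the same comparison.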