===========================================================
Ubuntu Security Notice USN-246-1           January 24, 2006
imagemagick vulnerabilities
CVE-2005-4601, CVE-2006-0082, http://bugs.debian.org/345595
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

imagemagick

The problem can be corrected by upgrading the affected package to
version 5:6.0.2.5-1ubuntu1.6 (for Ubuntu 4.10), 6:6.0.6.2-2.1ubuntu1.2
(for Ubuntu 5.04), or 6:6.2.3.4-1ubuntu1.1 (for Ubuntu 5.10). In
general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Florian Weimer discovered that the delegate code did not correctly
handle file names which embed shell commands (CVE-2005-4601). Daniel
Kobras found a format string vulnerability in the SetImageInfo()
function (CVE-2006-0082). By tricking a user into processing an image
file with a specially crafted file name, these two vulnerabilities
could be exploited to execute arbitrary commands with the user's
privileges. These vulnerabilities become particularly critical if
malicious images are sent as email attachments and the email client
uses imagemagick to convert/display the images (e.g. Thunderbird and
Gnus).

In addition, Eero Häkkinen reported a bug in the command line argument
processing of the 'display' command. Arguments that contained
wildcards and were expanded to several files could trigger a heap
overflow. However, there is no known possibility to exploit this
remotely.
(http://bugs.debian.org/345595)
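
Both file-name issues described above come from treating an untrusted file name as shell syntax or as a format string rather than as data. The following is an added example, not ImageMagick's code or the Ubuntu patch, showing the hardened form of each pattern; the function names and the delegate program name `viewer` are hypothetical, and the file names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Quote `name` as ONE word for a POSIX sh command line. Inside single
 * quotes the shell expands nothing, so only ' itself needs handling:
 * it is written as '\'' . Returns 0 on success, -1 if `out` is too small. */
int shell_quote(const char *name, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen < 3) return -1;
    out[o++] = '\'';
    for (const char *p = name; *p; p++) {
        size_t need = (*p == '\'') ? 4 : 1;
        if (o + need + 2 > outlen) return -1;  /* keep room for ' and NUL */
        if (*p == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *p;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Command line for a hypothetical delegate program `prog` (assumption). */
int build_delegate_command(const char *prog, const char *name, char *cmd, size_t len)
{
    char quoted[1024];
    if (shell_quote(name, quoted, sizeof quoted) != 0) return -1;
    int n = snprintf(cmd, len, "%s %s", prog, quoted);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* The name is an ARGUMENT to "%s", never the format string itself, so
 * conversion specifiers inside a file name stay literal text. */
int format_status(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "processing %s", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed file names, not taken from the advisory. */
    const char *names[] = { "pic$(echo x).png", "it's %n.png" };
    char buf[256];
    for (size_t i = 0; i < 2; i++) {
        if (!build_delegate_command("viewer", names[i], buf, sizeof buf)) puts(buf);
        if (!format_status(names[i], buf, sizeof buf)) puts(buf);
    }
    return 0;
}
```

Where the helper program can be started with an argument vector (for example via execvp) instead of a shell command line, that removes the need for quoting altogether.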