=========================================================== Ubuntu Security Notice USN-340-1 September 06, 2006 imagemagick vulnerabilities CVE-2006-3743, CVE-2006-3744 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libmagick6 6:6.0.6.2-2.1ubuntu1.4 Ubuntu 5.10: libmagick6 6:6.2.3.4-1ubuntu1.3 Ubuntu 6.06 LTS: libmagick9 6:6.2.4.5-0.6ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users' privileges. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4.diff.gz Size/MD5: 143874 bd710b48cad9d3d0266fa4dcd5523a48 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4.dsc Size/MD5: 899 e531cba19eb8e41c60e101cc6e79a486 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz Size/MD5: 6824001 477a361ba0154cc2423726fab4a3f57c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_amd64.deb Size/MD5: 1466542 7f9e75099eed68669d5784876ae6066b http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_amd64.deb Size/MD5: 229066 0db412e0a3bcf57d371eabbe1913fd24 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_amd64.deb Size/MD5: 163878 3134724644ad57be626b8ff613a4c835 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_amd64.deb Size/MD5: 1551292 62abe53d84248daa41b5c851a3497c7a http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_amd64.deb Size/MD5: 1195038 201931b29c9950dd1027bfe217be6462 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_amd64.deb Size/MD5: 232130 b854f8b1de8e335d3e4e4d16ddce8cf8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_i386.deb Size/MD5: 1465282 3c6d5443fe05ec3975766b03b3c763ef http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_i386.deb Size/MD5: 209096 eb535269e229ebfbd222bb956bdb7e6a http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_i386.deb Size/MD5: 164478 8dee42e92a08db66e02d7c6907fed68b http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_i386.deb Size/MD5: 1453974 fc61c840f10cebd266617dd8350d06a1 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_i386.deb Size/MD5: 1140640 e09d81a8c7816587cc3499043f4443cc http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_i386.deb Size/MD5: 232508 f1ab150d2419681e6766748ca7cdabeb powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_powerpc.deb Size/MD5: 1471972 ba92c6f99f9dbad7941cfe7904fc4c9d http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_powerpc.deb Size/MD5: 228064 8264660aa7e900a5b229211d2ab6fe95 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_powerpc.deb Size/MD5: 157060 4c490ebe8e9ea43b64c60fa4925b69c9 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_powerpc.deb Size/MD5: 1686208 3d22a7499735de8d09c52bdea473cfab http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_powerpc.deb Size/MD5: 1169978 9d3f855e0683a6e7769cdd532f8f3975 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_powerpc.deb Size/MD5: 270880 5b8ea03a3203cb9d76cfe2b423e47464 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3.diff.gz Size/MD5: 143292 a6c6e92f30a8a62c2f309889ccdf127e http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3.dsc Size/MD5: 899 8243dd001de2172bf8cb1e4c28feeed8 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4.orig.tar.gz Size/MD5: 5769194 7e9a3edd467a400a74126eb4a18e31ef amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_amd64.deb Size/MD5: 1333894 ef56ee172d0cbb7c7b3cef82c9ee03ee http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_amd64.deb Size/MD5: 259336 bdad8c4e22b7d26393f31d8f90a06e15 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_amd64.deb Size/MD5: 171398 195c91188443422b9f58b8e10fe8362c http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_amd64.deb Size/MD5: 1670736 35a690079e1c0304ba7f85b27a7a38fa http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_amd64.deb Size/MD5: 1320416 9df057b70b2e090f32198815726f468a http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_amd64.deb Size/MD5: 169418 40245a5d603fdf86d74c04a5b119e730 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_i386.deb Size/MD5: 1332870 43996727c09d0731c140f0cd211a46f3 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_i386.deb Size/MD5: 235760 3a1052372a9c8216d940f73012944aad http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_i386.deb Size/MD5: 170648 74558cf36b88a099f5e4dfb76974c86f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_i386.deb Size/MD5: 1521778 e3acb57b6d90aae20e3a26dc8962a45f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_i386.deb Size/MD5: 1224274 a59c665803b450a8cc91db7353cc6883 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_i386.deb Size/MD5: 164720 d6249157f6bbe9908d863728a920b9b8 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_powerpc.deb Size/MD5: 1337722 e2137e6a371c985bc4b5e6f83fd58b21 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_powerpc.deb Size/MD5: 260278 dcd0a323ba23dd3bb5b702ec3aa8825d http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_powerpc.deb Size/MD5: 163906 33c052c757665c20a40ae1ce39b718c8 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_powerpc.deb Size/MD5: 1874192 ae37d509a273a974b90e5337027da8f2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_powerpc.deb Size/MD5: 1258020 92e4fc65e39cd6ccfe6311e8b0ad4ddc http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_powerpc.deb Size/MD5: 163864 4e43a897b67d0fa938cd676fd0778d32 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_sparc.deb Size/MD5: 1333086 8b2ef320547ab41b906dd10a717023e3 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_sparc.deb Size/MD5: 236926 00bdd59a73387766501db7e585a5f64e http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_sparc.deb Size/MD5: 168758 59db7fd855648fbef9608d9a5ff5681c http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_sparc.deb Size/MD5: 1782006 5fdbe61fa9b4d2b398e8784cd1248dcc http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_sparc.deb Size/MD5: 1323562 4836a4cdd037cf30d3c7c0fa27884b2e http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_sparc.deb Size/MD5: 166172 b3221914a5a54cacdde143a67be8b742 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2.diff.gz Size/MD5: 34590 249b4fe9ed75b1e0abcf9956dc3ddab0 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2.dsc Size/MD5: 916 2bb38f32d3c2580682cfa2a8e69ef324 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz Size/MD5: 6085147 8d790a280f355489d0cfb6d36ce6751f amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_amd64.deb Size/MD5: 1615846 73d81c2ba3172e54bc6743b5b335e240 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_amd64.deb Size/MD5: 249128 c894ddd5a0e1e3e0a93e52ca10e41592 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_amd64.deb Size/MD5: 170050 210554ce3ebf4958db65abc22886a604 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_amd64.deb Size/MD5: 1702182 ff4b37412322f4e17c360b90acd21d86 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_amd64.deb Size/MD5: 1347584 9c0e4ac80a3af279ac3bcb4ce5f20cc5 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_amd64.deb Size/MD5: 171700 69bc5febb49cfb2082897beac7137ef4 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_i386.deb Size/MD5: 1614570 a11713f48746d737a030a9952c932453 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_i386.deb Size/MD5: 226878 e2a19eb162016210faf2a0114e24c373 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_i386.deb Size/MD5: 168172 e7d47bf2bd7e52362b0b6f3163552aff http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_i386.deb Size/MD5: 1555620 eb28867580922dd40a17229f44e05d2d http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_i386.deb Size/MD5: 1246668 5db32ffab79ac41cc59ccc4031f07296 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_i386.deb Size/MD5: 167086 d18e7867ec2a7525dd506cb2d1a622fb powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_powerpc.deb Size/MD5: 1619566 a7482b2b79145d9057dd7e9732ab5f3f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_powerpc.deb Size/MD5: 251276 e83357186921572b87655690278b1213 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_powerpc.deb Size/MD5: 162204 e7308053ac5829460a013872b8b1cc49 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_powerpc.deb Size/MD5: 1905462 cb7f66550b75283eda721835ab4c932e http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_powerpc.deb Size/MD5: 1283510 184890bdf2b5d49f58979e58c31f2128 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_powerpc.deb Size/MD5: 166092 ccaaf9aec42105b3f5a7af4e4e57a60c sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_sparc.deb Size/MD5: 1615182 029dc2b26ee3f43c351d194edb594f51 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_sparc.deb Size/MD5: 229030 1fdd60f6c3c0d5129f3a371c981d15a0 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_sparc.deb Size/MD5: 167030 8be206f32a61cf973660b5f06d53c2e9 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_sparc.deb Size/MD5: 1807156 0b98f302cb8303b0cedbadd04d89444a http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_sparc.deb Size/MD5: 1343110 3ecfeb730455ebca16d786e0bd403610 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_sparc.deb Size/MD5: 168794 7ceaa705e2fbbd0f664e8fcfc98bd648
Attachment:
signature.asc
Description: Digital signature