=========================================================== Ubuntu Security Notice USN-523-1 October 03, 2007 imagemagick vulnerabilities CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmagick9 6:6.2.4.5-0.6ubuntu0.7 Ubuntu 6.10: libmagick9 7:6.2.4.5.dfsg1-0.10ubuntu0.4 Ubuntu 7.04: libmagick9 7:6.2.4.5.dfsg1-0.14ubuntu0.2 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.7.diff.gz Size/MD5: 42229 8120c33149c2ec1c1f3b59a3882630fd http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.7.dsc Size/MD5: 914 941dd3ec1f2c513843062bc7c769454c http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz Size/MD5: 6085147 8d790a280f355489d0cfb6d36ce6751f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.7_amd64.deb Size/MD5: 1616632 d4deb50c1b1843ebe5ada38c3b56a3a2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.7_amd64.deb Size/MD5: 249720 bbdbb608c3dde24b5a423bfca415a704 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.7_amd64.deb Size/MD5: 170604 c42f9f23d935cbe5de06b4d9e7facce6 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.7_amd64.deb Size/MD5: 1705106 ee5cfdd6a9fe9f3d3404295a8f39197c http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.7_amd64.deb Size/MD5: 1349578 d70c6512fafb8d10bdfc53084f6f9fd2 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.7_amd64.deb Size/MD5: 172456 73aaae0a55239d0d7a5ce4220490a881 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.7_i386.deb Size/MD5: 1615386 bade96979da7e0960b3516d8e09459d1 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.7_i386.deb Size/MD5: 227720 51be8028e21b2c750e8ea413b66a3543 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.7_i386.deb Size/MD5: 169462 fa5d5893963efd82c52334c555782fa2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.7_i386.deb Size/MD5: 1558274 99314fcb246c64ad52dce43b7d66f247 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.7_i386.deb Size/MD5: 1249796 f033bc31f42bdd6e3122846b600490e3 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.7_i386.deb Size/MD5: 167824 10d861f2a6bc25de801997490ead6ae9 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.7_powerpc.deb Size/MD5: 1620294 5ebba88fe11c95a1309c3e8afabbc999 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.7_powerpc.deb Size/MD5: 251980 661548d888e99f8a0842d7d498270fa2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.7_powerpc.deb Size/MD5: 162972 e987bb72d7a5b08bd2cb2d4172536d09 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.7_powerpc.deb Size/MD5: 1909248 02be55420fcb300581026237a5523e79 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.7_powerpc.deb Size/MD5: 1285474 60c5e4cc95c31d1d9a4a47c1eb2f1c76 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.7_powerpc.deb Size/MD5: 166824 d96be3a8faf3087f5e063dff516aec77 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.7_sparc.deb Size/MD5: 1615976 87e20f2a19bb9eae8498d1567d249215 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.7_sparc.deb Size/MD5: 229814 6c9bc836e4539d9e9f67e821c0b2f358 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.7_sparc.deb Size/MD5: 167896 0f19a91b4d3cf2f0cf07c4f307818dfa http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.7_sparc.deb Size/MD5: 1809740 423f679061471f7686164a4f2119fa0e http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.7_sparc.deb Size/MD5: 1345726 be4ec16609353a9b2dced58772823711 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.7_sparc.deb Size/MD5: 169522 f15fc28c9846701bbeb3150cbb63f42c Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.10ubuntu0.4.diff.gz Size/MD5: 94150 c406a03d15a72c8219076b177d733efd http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.10ubuntu0.4.dsc Size/MD5: 953 2ba54bda9ac1130a7c0026d0c75e1195 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1.orig.tar.gz Size/MD5: 5203463 2c5d3723d25c4119cf003efce2161c56 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.10ubuntu0.4_amd64.deb Size/MD5: 743208 6472383510d01ce766bd48c976dd94ca http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_amd64.deb Size/MD5: 248166 fd907ef5c6b8b34ff95820c9000cd8be http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.4_amd64.deb Size/MD5: 170656 d19b82c361f2fc0efc650eb06ef1cbb4 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_amd64.deb Size/MD5: 1685696 96a0ae5c4efd53b9885aa927c3d88d7b http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.4_amd64.deb Size/MD5: 1331462 2c2ae39783fd161182a37c77fd381983 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.4_amd64.deb Size/MD5: 172676 e8368688e5e0c1dd8c0d0b73429b7eaa i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.10ubuntu0.4_i386.deb Size/MD5: 742702 8674afb1cd17ed0d0a84b28149ee00cb http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_i386.deb Size/MD5: 227678 0544b89e5040976e7dd2a9dbb137c15f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.4_i386.deb Size/MD5: 169778 4b038eb5a37a87c977ea79df858211e2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_i386.deb Size/MD5: 1592776 ed93c84228f312ebde2d3fcbaae0fc9b http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.4_i386.deb Size/MD5: 1286692 50807ec57d937f19654c0f82e7f9ccf2 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.4_i386.deb Size/MD5: 168206 66185c7acdf25b81a8e599aedff286cb powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.10ubuntu0.4_powerpc.deb Size/MD5: 746562 0d5e437a042a23985caf9dd6e59d7548 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_powerpc.deb Size/MD5: 251904 1a9b8931aa3ce8f622076590c185f283 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.4_powerpc.deb Size/MD5: 163224 4cbbd2435cd5c59ce2404fe5195c80c2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_powerpc.deb Size/MD5: 1921112 d1f8ef2b8304c32795690a387eb93e1a http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.4_powerpc.deb Size/MD5: 1297810 d92eb04f586a24b26174b957d6bb16e2 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.4_powerpc.deb Size/MD5: 168892 6916929ea46391deaa92b27545a54525 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.10ubuntu0.4_sparc.deb Size/MD5: 742736 e96324230644733315a1ea84b0abdf10 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_sparc.deb Size/MD5: 229538 938da3f1037199e94da3862cc6c9bd47 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.4_sparc.deb Size/MD5: 168252 576d312de827f94ea1741b1229d80bdc http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.4_sparc.deb Size/MD5: 1856882 a96a99caf2a1da0da1f795b4b3ea2002 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.4_sparc.deb Size/MD5: 1384388 9ab8aafc61248392aefcc2053c946692 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.4_sparc.deb Size/MD5: 174394 f2e60838cb8482b4bd6734f171299313 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.14ubuntu0.2.diff.gz Size/MD5: 96096 38a3c71f92a8bcefae28e870d7772e15 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.14ubuntu0.2.dsc Size/MD5: 1119 d40113bf0a051e434d614fca74c37af3 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1.orig.tar.gz Size/MD5: 5203463 2c5d3723d25c4119cf003efce2161c56 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.14ubuntu0.2_amd64.deb Size/MD5: 740384 cda2c2e417cc11cbe91bf307460af628 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_amd64.deb Size/MD5: 248398 4969f6832002108c4a695b73387172fb http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.2_amd64.deb Size/MD5: 188416 eccb8048a8c954e94eaf08b22c810a7d http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_amd64.deb Size/MD5: 1686218 8a3ab9db9b425b1a2be2970dd1fe9641 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.2_amd64.deb Size/MD5: 1342718 b4c8ab3a699e291133fe5238abdbf50a http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.2_amd64.deb Size/MD5: 173488 64528e0e9592f146eadfe5540c59bef1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.14ubuntu0.2_i386.deb Size/MD5: 739304 0caa7730df5d710fb876038aed038557 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_i386.deb Size/MD5: 228056 3aa8a19647803bf707d56462c208ab80 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.2_i386.deb Size/MD5: 192456 57812265e2ad9f663946b419e4bbb9a4 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_i386.deb Size/MD5: 1593102 3729f1ee62a869d776c04a47f79419fc http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.2_i386.deb Size/MD5: 1298944 3a9dee8633132e4f3dc60eb90df2f60c http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.2_i386.deb Size/MD5: 169122 a72c856f0cb2d21edb2e72982a079534 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.14ubuntu0.2_powerpc.deb Size/MD5: 748292 777ba82a6f15486175f925c6c796e264 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_powerpc.deb Size/MD5: 252400 b73aa1033131262232149a5c0158dd4f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.2_powerpc.deb Size/MD5: 202016 e2f56ce89c6fba93a5e4de5fbe3cf022 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_powerpc.deb Size/MD5: 1919668 b680f2c8f557932064238fd60c878f8d http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.2_powerpc.deb Size/MD5: 1357236 271e83346ed64b9955646338a54a39f8 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.2_powerpc.deb Size/MD5: 172706 35a4bb14850902ced62351e601f1c0ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.14ubuntu0.2_sparc.deb Size/MD5: 740302 88a8ead7e434ee0761c403d38479bfc7 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_sparc.deb Size/MD5: 229926 8f2dcb658c8d893a99657d4c6fabfcf8 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.2_sparc.deb Size/MD5: 192604 ac085df1fece347cf401bcd3805a65a7 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.2_sparc.deb Size/MD5: 1855566 45c09f03226894dc59e95a7559a48d3f http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.2_sparc.deb Size/MD5: 1395968 5b77017d497dea65fe667f1b5cde3552 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.2_sparc.deb Size/MD5: 175096 fd8e49f508cf99a09a9d7d2f50a3e838
Attachment:
signature.asc
Description: Digital signature