<<< Date Index >>>     <<< Thread Index >>>

[USN-681-1] ImageMagick vulnerability



===========================================================
Ubuntu Security Notice USN-681-1          December 01, 2008
imagemagick vulnerability
CVE-2008-1096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  imagemagick                     6:6.2.4.5-0.6ubuntu0.8

Ubuntu 7.10:
  imagemagick                     7:6.2.4.5.dfsg1-2ubuntu1.1

After a standard system upgrade you need to restart any applications that
use ImageMagick, such as OpenOffice.org and Inkscape, to effect the
necessary changes.

Details follow:

It was discovered that ImageMagick did not correctly handle certain
malformed XCF images. If a user were tricked into opening a specially
crafted image with an application that uses ImageMagick, an attacker
could cause a denial of service and possibly execute arbitrary code with
the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.diff.gz
      Size/MD5:    42513 e496b5beeaca8ffaf73792efc552bb75
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.dsc
      Size/MD5:      922 18af22ef2d20f02bc71a2b4d525101ba
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz
      Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1616784 e140ab1826153433380bf0e087401ce5
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   249840 b52af42a36a2e6aeded4f0e1bdc3c7c5
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   170776 f99388b02f4989d6b3d98886ecef69e3
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1705392 9de94091eb1cf8a31b28516c1444cd94
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1349700 a0712e9eefe0c2d2e8e59a5920dd8821
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   172600 affa28f951b642bf64cdfdb4153b193d

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1615502 34f7ed99bbdaed2247321395623e9e6c
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   227826 8308c202b96c1960fd352b4a011ba290
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   169702 1380b74079bf68498434229be87ba197
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1558588 edfc14ac9018b3e6f4e303e83af74637
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1250130 72e586dfbe9bcb0602a37eadcce574bc
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   167964 2bc1e8c08d403321df20868c6a646bfd

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1620342 50b2274fd75d9f8fe2c78d9bb9aad4be
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   252100 d0073b909c9073b4108272cf58724bb2
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   163178 228bf2af722438ff3584bb85075cf956
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1909532 b7d8d5fbdac11cc2bb8df9faffb6592d
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1285690 d1a834cc502a2ae7a8c0a805da80fd83
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   166968 8c568ce0d4d7ab9f46e681f0f5c80b8f

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1616114 80af67cc6405b2f9744a66f62ab7e35b
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   229934 8069e7cc0272505907654484c0083400
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   168044 bec93b0a4e03bf308c0e5e73649c0267
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1810056 df876fb99e74ac4efce39d6292fc7ed1
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1345938 6860ae7d2d44f88534954fa0bb13bf88
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   169680 b4484481d95850f256bdb2b74d7d55cb

Updated packages for Ubuntu 7.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.diff.gz
      Size/MD5:   102763 811963207b510b778d0d7dfe587f51b5
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.dsc
      Size/MD5:     1161 cdd5a298b1e72c812040be67afcf3133
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1.orig.tar.gz
      Size/MD5:  5203463 2c5d3723d25c4119cf003efce2161c56

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   741190 22a0f42c8fe6bf82b7e588a10960c7e6
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   250830 d7fe4b4df55c1ac4f9b4628492e12f38
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   190196 3c81b936c68598a798eeee0e64c11eee
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:  1690802 49383fd5daeff5e035e4b31e8d697209
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:  1344812 1ff84f6ba161d153669c2078008c60c9
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   174500 c22f3e517108a16ee1cf2f6515cf6a59

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   740024 1a3c4a2e1a4c08dc88c0021161b27aea
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   229606 30526dfa6efafe965c388b2f4bfa2a86
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   193348 606db68900dacebf677d179810e72400
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:  1595204 4e55cb3cd9cf80b3ca1c208e4483baeb
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:  1299758 a5f58f9b23fc018b3f16d5ef6022d7e9
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   170004 33cc347f9ae218ee1cff56038037572b

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   740068 b0b07bb6f6cd0013c6cc77d1ddb3c1b9
    
http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   231664 05864c90d9a8eef57b1601ce729e2a9f
    
http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   189572 dffbb7faddc85df1c040d770daa4bbf3
    
http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:  1612224 a9ef6f4e75bdba532245861cf885ea44
    
http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:  1303844 e1d3379589cdce724db0ea694e6ced24
    
http://ports.ubuntu.com/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   174134 983b86da5547223294ba688951168c5b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   748896 1f782e8b18ef490a011058c1b2856503
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   253594 c76d8b774405138a6d13f1cf38779a51
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   202724 c0524feeace6bc5596ddc470cfdebeac
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1923526 63ee716b9cd22f6ee313d2e64989d4c8
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1358750 5818d6912d7d440f5ffaf80c6dd7dfd3
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   173422 9a8dda1198866d8f2f9c3a78522e8af2

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   741060 b7a79b518707f40a45cb8962406cecab
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   230760 af528afb7d77f825fea574a66e528a04
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   193168 ce61ffd320fd022743da316b2a889dd3
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:  1858960 98309e6cca4b1c979a84c022988d271c
    
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:  1399932 fb4cde1381eacc9357f52ddd607aef4f
    
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   175946 65ea96b9ebfc22fd9eea8daee44f38d4


Attachment: signature.asc
Description: This is a digitally signed message part