=========================================================== Ubuntu Security Notice USN-681-1 December 01, 2008 imagemagick vulnerability CVE-2008-1096 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: imagemagick 6:6.2.4.5-0.6ubuntu0.8 Ubuntu 7.10: imagemagick 7:6.2.4.5.dfsg1-2ubuntu1.1 After a standard system upgrade you need to restart any applications that use ImageMagick, such as OpenOffice.org and Inkscape, to effect the necessary changes. Details follow: It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.diff.gz Size/MD5: 42513 e496b5beeaca8ffaf73792efc552bb75 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.dsc Size/MD5: 922 18af22ef2d20f02bc71a2b4d525101ba http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz Size/MD5: 6085147 8d790a280f355489d0cfb6d36ce6751f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_amd64.deb Size/MD5: 1616784 e140ab1826153433380bf0e087401ce5 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb Size/MD5: 249840 b52af42a36a2e6aeded4f0e1bdc3c7c5 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_amd64.deb Size/MD5: 170776 f99388b02f4989d6b3d98886ecef69e3 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb Size/MD5: 1705392 9de94091eb1cf8a31b28516c1444cd94 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_amd64.deb Size/MD5: 1349700 a0712e9eefe0c2d2e8e59a5920dd8821 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_amd64.deb Size/MD5: 172600 affa28f951b642bf64cdfdb4153b193d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_i386.deb Size/MD5: 1615502 34f7ed99bbdaed2247321395623e9e6c http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb Size/MD5: 227826 8308c202b96c1960fd352b4a011ba290 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_i386.deb Size/MD5: 169702 1380b74079bf68498434229be87ba197 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb Size/MD5: 1558588 edfc14ac9018b3e6f4e303e83af74637 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_i386.deb Size/MD5: 1250130 72e586dfbe9bcb0602a37eadcce574bc http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_i386.deb Size/MD5: 167964 2bc1e8c08d403321df20868c6a646bfd powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb Size/MD5: 1620342 50b2274fd75d9f8fe2c78d9bb9aad4be http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb Size/MD5: 252100 d0073b909c9073b4108272cf58724bb2 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_powerpc.deb Size/MD5: 163178 228bf2af722438ff3584bb85075cf956 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb Size/MD5: 1909532 b7d8d5fbdac11cc2bb8df9faffb6592d http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_powerpc.deb Size/MD5: 1285690 d1a834cc502a2ae7a8c0a805da80fd83 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb Size/MD5: 166968 8c568ce0d4d7ab9f46e681f0f5c80b8f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_sparc.deb Size/MD5: 1616114 80af67cc6405b2f9744a66f62ab7e35b http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb Size/MD5: 229934 8069e7cc0272505907654484c0083400 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_sparc.deb Size/MD5: 168044 bec93b0a4e03bf308c0e5e73649c0267 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb Size/MD5: 1810056 df876fb99e74ac4efce39d6292fc7ed1 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_sparc.deb Size/MD5: 1345938 6860ae7d2d44f88534954fa0bb13bf88 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_sparc.deb Size/MD5: 169680 b4484481d95850f256bdb2b74d7d55cb Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.diff.gz Size/MD5: 102763 811963207b510b778d0d7dfe587f51b5 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.dsc Size/MD5: 1161 cdd5a298b1e72c812040be67afcf3133 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1.orig.tar.gz Size/MD5: 5203463 2c5d3723d25c4119cf003efce2161c56 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 741190 22a0f42c8fe6bf82b7e588a10960c7e6 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 250830 d7fe4b4df55c1ac4f9b4628492e12f38 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 190196 3c81b936c68598a798eeee0e64c11eee http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 1690802 49383fd5daeff5e035e4b31e8d697209 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 1344812 1ff84f6ba161d153669c2078008c60c9 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 174500 c22f3e517108a16ee1cf2f6515cf6a59 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb Size/MD5: 740024 1a3c4a2e1a4c08dc88c0021161b27aea http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb Size/MD5: 229606 30526dfa6efafe965c388b2f4bfa2a86 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb Size/MD5: 193348 606db68900dacebf677d179810e72400 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb Size/MD5: 1595204 4e55cb3cd9cf80b3ca1c208e4483baeb http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb Size/MD5: 1299758 a5f58f9b23fc018b3f16d5ef6022d7e9 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb Size/MD5: 170004 33cc347f9ae218ee1cff56038037572b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 740068 b0b07bb6f6cd0013c6cc77d1ddb3c1b9 http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 231664 05864c90d9a8eef57b1601ce729e2a9f http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 189572 dffbb7faddc85df1c040d770daa4bbf3 http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 1612224 a9ef6f4e75bdba532245861cf885ea44 http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 1303844 e1d3379589cdce724db0ea694e6ced24 http://ports.ubuntu.com/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 174134 983b86da5547223294ba688951168c5b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 748896 1f782e8b18ef490a011058c1b2856503 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 253594 c76d8b774405138a6d13f1cf38779a51 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 202724 c0524feeace6bc5596ddc470cfdebeac http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 1923526 63ee716b9cd22f6ee313d2e64989d4c8 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 1358750 5818d6912d7d440f5ffaf80c6dd7dfd3 http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 173422 9a8dda1198866d8f2f9c3a78522e8af2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 741060 b7a79b518707f40a45cb8962406cecab http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 230760 af528afb7d77f825fea574a66e528a04 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 193168 ce61ffd320fd022743da316b2a889dd3 http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 1858960 98309e6cca4b1c979a84c022988d271c http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 1399932 fb4cde1381eacc9357f52ddd607aef4f http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 175946 65ea96b9ebfc22fd9eea8daee44f38d4
Attachment:
signature.asc
Description: This is a digitally signed message part