--------------------------------------------------------------------------
Debian Security Advisory DSA 593-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
November 16th, 2004                      Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0981
Debian Bug     : 278401

A vulnerability has been reported for ImageMagick, a commonly used
image manipulation library.  Due to a boundary error within the EXIF
parsing routine, a specially crafted graphic images could lead to the
execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody4.

For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.5.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      
      Size/MD5 checksum:      852 c053f06bcb00f7cc722814ece4c99462
      
      Size/MD5 checksum:    15309 bb1ec78c190677ceb5311ffe167b8184
      
      Size/MD5 checksum:  3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

  Alpha architecture:

      
      Size/MD5 checksum:  1309792 f3e20f97b3a081cd3e73675c2131a345
      
      Size/MD5 checksum:   154144 4b8abf5400526b55d41b6a23a747740d
      
      Size/MD5 checksum:    56232 d6be366bdb42ff918de236b42e5fc03e
      
      Size/MD5 checksum:   833420 811a90a17be12877a5352474b4ff50b0
      
      Size/MD5 checksum:    67276 ea7ecc0c685293d0bfe90d7d5eec5eae
      
      Size/MD5 checksum:   113786 896b92eda8b1572090c28f7781617bcb

  ARM architecture:

      
      Size/MD5 checksum:  1297076 1480d317943ebd0d62af4e91cb70e8bc
      
      Size/MD5 checksum:   118678 9bd22b4793a02f7d55178093950f2af1
      
      Size/MD5 checksum:    56272 dced3c2b19dadc4a9269ca8694a9fb17
      
      Size/MD5 checksum:   898586 0603ac9d5290dad892eb26cc9d3f5f9c
      
      Size/MD5 checksum:    67312 332b1462e38cab79c3baf075124f0a52
      
      Size/MD5 checksum:   109900 d5c8d8247af36dbf8e6d38343b451c0b

  Intel IA-32 architecture:

      
      Size/MD5 checksum:  1295130 5c546d50eb6a1c1597c491849a74ba00
      
      Size/MD5 checksum:   122766 a778e5be49e9a22fea94f6a6d83f7035
      
      Size/MD5 checksum:    56254 2758908cfe92661e70e3def07595126a
      
      Size/MD5 checksum:   772498 17eb974bb841ad4332e1ebbc800f7ce2
      
      Size/MD5 checksum:    67296 f1c482c8e6a2e0dda18d9fd69120f8f2
      
      Size/MD5 checksum:   106912 3a35af388be49b0978665202a1ec7e66

  Intel IA-64 architecture:

      
      Size/MD5 checksum:  1336172 10c0e32424a9dca3d3cd66779921022f
      
      Size/MD5 checksum:   137042 d499c76fb08bfb8c63bf89384f297bf7
      
      Size/MD5 checksum:    56222 c0e9c7c41e6cb6f0097f979373b6a895
      
      Size/MD5 checksum:  1359968 58957910d3e927d2f0c41db825db19d5
      
      Size/MD5 checksum:    67260 1ab111e57700c86384f02b98e7be823e
      
      Size/MD5 checksum:   132904 55f936250c3cf6859dc38cfce35df9a6

  HP Precision architecture:

      
      Size/MD5 checksum:  1297346 930d77ec6653cd705af67d47f1090d32
      
      Size/MD5 checksum:   132850 d5988feb87c126dcab6df72e6e590545
      
      Size/MD5 checksum:    56270 3395e0bbce4bc6092fc81a1fe1193bc2
      
      Size/MD5 checksum:   859724 56b6e89439f151f21001e345340248a4
      
      Size/MD5 checksum:    67328 c88fc994c5ed2c6fed15685fdd78758f
      
      Size/MD5 checksum:   117164 30cd8726f73026a2e20c8efe04c528a9

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:  1292548 8d360c360fbb9c477cd0ae1aca69448e
      
      Size/MD5 checksum:   134004 5d597e8f01686d39f1a852b248487b59
      
      Size/MD5 checksum:    56300 3160b3dae3facf978d1176957b95af68
      
      Size/MD5 checksum:   751758 83cc438c729286babb7ac84346f07654
      
      Size/MD5 checksum:    67332 d13d7618bbce5050e8d05bfaa5ab6498
      
      Size/MD5 checksum:   107408 6e3b040f07982b2fd3f1d0f83ec02f8d

  Big endian MIPS architecture:

      
      Size/MD5 checksum:  1294866 2e4bd7d79951377b4da399738fe88a77
      
      Size/MD5 checksum:   120252 7c69c8cbae8f03add859573edfe3e241
      
      Size/MD5 checksum:    56276 3a8ff5352159ddfb8b2d32641acdd625
      
      Size/MD5 checksum:   733000 30b1e4b7c930878890553ef6a441ca09
      
      Size/MD5 checksum:    67326 6bc5cdbfe033642b3a27baeafb31f300
      
      Size/MD5 checksum:   103322 7075ae9b234bc564631b67661736e543

  Little endian MIPS architecture:

      
      Size/MD5 checksum:  1294860 33b3593e696a9aff9dac216778fea431
      
      Size/MD5 checksum:   113820 a81bf3b33cd7abddb1335ab61be0c4dc
      
      Size/MD5 checksum:    56302 e1f179a6be8c7781eba49e0c25d1013e
      
      Size/MD5 checksum:   721030 2dd79a60f0e8a46dee376cbe79b78b8d
      
      Size/MD5 checksum:    67322 a8e370ec24fcb00d8b585837034502e5
      
      Size/MD5 checksum:   102868 ac84fdb646eace65d69208bb522a3976

  PowerPC architecture:

      
      Size/MD5 checksum:  1291426 205981d0b3cd47699602d1ecb8636fb4
      
      Size/MD5 checksum:   135900 4908551a03f72d05f4d34f2bf767fcdd
      
      Size/MD5 checksum:    56268 8c3150906852c56a2cce8ebb20292e84
      
      Size/MD5 checksum:   786006 39b95827036f22e43245489944294bb8
      
      Size/MD5 checksum:    67304 9eb67cfc99e2632453c9335d7688ca6f
      
      Size/MD5 checksum:   111908 369ae1547d021b06c865e107db68c1bc

  IBM S/390 architecture:

      
      Size/MD5 checksum:  1292148 b018542967462dfb08559ee8ca413af0
      
      Size/MD5 checksum:   132004 366eca80ee3ae6e97e75c346298dfa4e
      
      Size/MD5 checksum:    56256 b50d9cda59825fb64ce17d42e6862c21
      
      Size/MD5 checksum:   777968 b51017dcfc2106b458af6fd3f0f1e5c0
      
      Size/MD5 checksum:    67304 5884f688ddd0dd60eb44cf609c79b0c2
      
      Size/MD5 checksum:   108956 0a1a43eb74ac289387783e32c85fb15b

  Sun Sparc architecture:

      
      Size/MD5 checksum:  1295192 ecc31b2bf9f87175011f42517406449b
      
      Size/MD5 checksum:   123844 506d5252bd0b53224f358eef3cfc0808
      
      Size/MD5 checksum:    56262 1c5766ed3e5e2a2ed57bf2394481e23d
      
      Size/MD5 checksum:   802610 ed2a8842b6612e96682f13e28fa74f96
      
      Size/MD5 checksum:    67312 a640d03d461769bb0c23f1a77003ef1d
      
      Size/MD5 checksum:   112880 93033756bee95ec9523d427e6813782d


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: imagemagick arbitrary code execution fix

November 16, 2004
A vulnerability has been reported for ImageMagick, a commonly used image manipulation library

Summary

A vulnerability has been reported for ImageMagick, a commonly used
image manipulation library. Due to a boundary error within the EXIF
parsing routine, a specially crafted graphic images could lead to the
execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody4.

For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.5.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:


Size/MD5 checksum: 852 c053f06bcb00f7cc722814ece4c99462

Size/MD5 checksum: 15309 bb1ec78c190677ceb5311ffe167b8184

Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

Alpha architecture:


Size/MD5 checksum: 1309792 f3e20f97b3a081cd3e73675c2131a345

Size/MD5 checksum: 154144 4b8abf5400526b55d41b6a23a747740d

Size/MD5 checksum: 56232 d6be366bdb42ff918de236b42e5fc03e

Size/MD5 checksum: 833420 811a90a17be12877a5352474b4ff50b0

Size/MD5 checksum: 67276 ea7ecc0c685293d0bfe90d7d5eec5eae

Size/MD5 checksum: 113786 896b92eda8b1572090c28f7781617bcb

ARM architecture:


Size/MD5 checksum: 1297076 1480d317943ebd0d62af4e91cb70e8bc

Size/MD5 checksum: 118678 9bd22b4793a02f7d55178093950f2af1

Size/MD5 checksum: 56272 dced3c2b19dadc4a9269ca8694a9fb17

Size/MD5 checksum: 898586 0603ac9d5290dad892eb26cc9d3f5f9c

Size/MD5 checksum: 67312 332b1462e38cab79c3baf075124f0a52

Size/MD5 checksum: 109900 d5c8d8247af36dbf8e6d38343b451c0b

Intel IA-32 architecture:


Size/MD5 checksum: 1295130 5c546d50eb6a1c1597c491849a74ba00

Size/MD5 checksum: 122766 a778e5be49e9a22fea94f6a6d83f7035

Size/MD5 checksum: 56254 2758908cfe92661e70e3def07595126a

Size/MD5 checksum: 772498 17eb974bb841ad4332e1ebbc800f7ce2

Size/MD5 checksum: 67296 f1c482c8e6a2e0dda18d9fd69120f8f2

Size/MD5 checksum: 106912 3a35af388be49b0978665202a1ec7e66

Intel IA-64 architecture:


Size/MD5 checksum: 1336172 10c0e32424a9dca3d3cd66779921022f

Size/MD5 checksum: 137042 d499c76fb08bfb8c63bf89384f297bf7

Size/MD5 checksum: 56222 c0e9c7c41e6cb6f0097f979373b6a895

Size/MD5 checksum: 1359968 58957910d3e927d2f0c41db825db19d5

Size/MD5 checksum: 67260 1ab111e57700c86384f02b98e7be823e

Size/MD5 checksum: 132904 55f936250c3cf6859dc38cfce35df9a6

HP Precision architecture:


Size/MD5 checksum: 1297346 930d77ec6653cd705af67d47f1090d32

Size/MD5 checksum: 132850 d5988feb87c126dcab6df72e6e590545

Size/MD5 checksum: 56270 3395e0bbce4bc6092fc81a1fe1193bc2

Size/MD5 checksum: 859724 56b6e89439f151f21001e345340248a4

Size/MD5 checksum: 67328 c88fc994c5ed2c6fed15685fdd78758f

Size/MD5 checksum: 117164 30cd8726f73026a2e20c8efe04c528a9

Motorola 680x0 architecture:


Size/MD5 checksum: 1292548 8d360c360fbb9c477cd0ae1aca69448e

Size/MD5 checksum: 134004 5d597e8f01686d39f1a852b248487b59

Size/MD5 checksum: 56300 3160b3dae3facf978d1176957b95af68

Size/MD5 checksum: 751758 83cc438c729286babb7ac84346f07654

Size/MD5 checksum: 67332 d13d7618bbce5050e8d05bfaa5ab6498

Size/MD5 checksum: 107408 6e3b040f07982b2fd3f1d0f83ec02f8d

Big endian MIPS architecture:


Size/MD5 checksum: 1294866 2e4bd7d79951377b4da399738fe88a77

Size/MD5 checksum: 120252 7c69c8cbae8f03add859573edfe3e241

Size/MD5 checksum: 56276 3a8ff5352159ddfb8b2d32641acdd625

Size/MD5 checksum: 733000 30b1e4b7c930878890553ef6a441ca09

Size/MD5 checksum: 67326 6bc5cdbfe033642b3a27baeafb31f300

Size/MD5 checksum: 103322 7075ae9b234bc564631b67661736e543

Little endian MIPS architecture:


Size/MD5 checksum: 1294860 33b3593e696a9aff9dac216778fea431

Size/MD5 checksum: 113820 a81bf3b33cd7abddb1335ab61be0c4dc

Size/MD5 checksum: 56302 e1f179a6be8c7781eba49e0c25d1013e

Size/MD5 checksum: 721030 2dd79a60f0e8a46dee376cbe79b78b8d

Size/MD5 checksum: 67322 a8e370ec24fcb00d8b585837034502e5

Size/MD5 checksum: 102868 ac84fdb646eace65d69208bb522a3976

PowerPC architecture:


Size/MD5 checksum: 1291426 205981d0b3cd47699602d1ecb8636fb4

Size/MD5 checksum: 135900 4908551a03f72d05f4d34f2bf767fcdd

Size/MD5 checksum: 56268 8c3150906852c56a2cce8ebb20292e84

Size/MD5 checksum: 786006 39b95827036f22e43245489944294bb8

Size/MD5 checksum: 67304 9eb67cfc99e2632453c9335d7688ca6f

Size/MD5 checksum: 111908 369ae1547d021b06c865e107db68c1bc

IBM S/390 architecture:


Size/MD5 checksum: 1292148 b018542967462dfb08559ee8ca413af0

Size/MD5 checksum: 132004 366eca80ee3ae6e97e75c346298dfa4e

Size/MD5 checksum: 56256 b50d9cda59825fb64ce17d42e6862c21

Size/MD5 checksum: 777968 b51017dcfc2106b458af6fd3f0f1e5c0

Size/MD5 checksum: 67304 5884f688ddd0dd60eb44cf609c79b0c2

Size/MD5 checksum: 108956 0a1a43eb74ac289387783e32c85fb15b

Sun Sparc architecture:


Size/MD5 checksum: 1295192 ecc31b2bf9f87175011f42517406449b

Size/MD5 checksum: 123844 506d5252bd0b53224f358eef3cfc0808

Size/MD5 checksum: 56262 1c5766ed3e5e2a2ed57bf2394481e23d

Size/MD5 checksum: 802610 ed2a8842b6612e96682f13e28fa74f96

Size/MD5 checksum: 67312 a640d03d461769bb0c23f1a77003ef1d

Size/MD5 checksum: 112880 93033756bee95ec9523d427e6813782d


These files will probably be moved into the stable distribution on
its next update.

Severity
Package : imagemagick
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0981
Debian Bug : 278401

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved