Linux Security
Linux Security
Linux Security

Debian: ImageMagick fix several vulnerabilities DSA-702-1

Date 01 Apr 2005
Posted By Joe Shakespeare
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 702-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
April 1st, 2005               
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem-Type   : local (remote)
Debian-specific: no
CVE IDs        : CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762
BugTraq ID     : 12875
Debian Bug     : 297990

Several vulnerabilities have been discovered in ImageMagick, a
commonly used image manipulation library.  These problems can be
exploited by a carefully crafted graphic image.  The Common
Vulnerabilities and Exposures project identifies the following


    Tavis Ormandy discovered a format string vulnerability in the
    filename handling code which allows a remote attacker to cause a
    denial of service and possibly execute arbitrary code.


    Andrei Nigmatulin discovered a denial of service condition which
    can be caused by an invalid tag in a TIFF image.


    Andrei Nigmatulin discovered that the TIFF decoder is vulnerable
    to accessing memory out of bounds which will result in a
    segmentation fault.


    Andrei Nigmatulin discovered a buffer overflow in the SGI parser
    which allows a remote attacker to execute arbitrary code via a
    specially crafted SGI image file.

For the stable distribution (woody) these problems have been fixed in

For the unstable distribution (sid) these problems have been fixed in

We recommend that you upgrade your imagemagick package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      852 a15c9207799f081dd98137741ea6ff3a
      Size/MD5 checksum:    16745 4d7ca7465c6ddccf2469daa50708bb10
      Size/MD5 checksum:  3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

  Alpha architecture:
      Size/MD5 checksum:  1309984 ba338db7c136e444624ea1baf4542882
      Size/MD5 checksum:   154312 e84ecca66a19e9ab19c5cdccc7b50cf2
      Size/MD5 checksum:    56504 97107fda4a8fdab9f94878dc0c64099f
      Size/MD5 checksum:   833508 d509ef8f730fbb1859c25e80ed541631
      Size/MD5 checksum:    67496 4cea2503f109812d1e9b15c59864a162
      Size/MD5 checksum:   114002 c36b4b799a35aafdeea7e15812b9317f

  ARM architecture:
      Size/MD5 checksum:  1297364 311a8c69fe6e5c9fb07cd46a9efe9b6c
      Size/MD5 checksum:   118998 7a4e8fbf7fc3c4ef0cd7a55a94aedebb
      Size/MD5 checksum:    56568 6d15686630d656bde0154bc2198737e9
      Size/MD5 checksum:   898982 99b8e3cd11b6628d5bc8b1ce3631661a
      Size/MD5 checksum:    67566 64d6832600f49dd5cc521200d6a3aaff
      Size/MD5 checksum:   110130 a1183bf2e0f132242e12e61ff2709579

  Intel IA-32 architecture:
      Size/MD5 checksum:  1294944 68e814230b7f1d9541b6425a308202ad
      Size/MD5 checksum:   122958 1e8124a2a00f4313f53fed519f597934
      Size/MD5 checksum:    56520 93d4e5a3fe8b73186144c3c32da1c7a5
      Size/MD5 checksum:   772790 b7aa7c91e2f0ccc8459659e50d2c3e29
      Size/MD5 checksum:    67516 bb9f2f32b01674c9251b3384a7ea7ecb
      Size/MD5 checksum:   107116 62dd2d24f082e40ee99ad34804571732

  Intel IA-64 architecture:
      Size/MD5 checksum:  1336402 6b3759a5668e38fffbe4d7b42815fce9
      Size/MD5 checksum:   137224 d14afd94727d4adc452acff048e6532c
      Size/MD5 checksum:    56492 c1449b54caaa5cb44522b4e1bf726100
      Size/MD5 checksum:  1360250 f6a07a004cdde46a4ca63e9342c2c263
      Size/MD5 checksum:    67496 34645b0a4d2e91a1e3e5be40f79b7831
      Size/MD5 checksum:   133128 fc4146c8b9e40d7d1fafc446cfe9f5f9

  HP Precision architecture:
      Size/MD5 checksum:  1297598 439b7582db0bf3d81ecb07828d0f2193
      Size/MD5 checksum:   133080 839a81effa97b63cc94c1d017be5a111
      Size/MD5 checksum:    56538 8b3d64f7b275b6b162a3b5ab8c308f87
      Size/MD5 checksum:   860082 9b1af5e4b8bbec6e444b4c064eca20db
      Size/MD5 checksum:    67536 81ff1905a0cc25a08c7933854c8870b5
      Size/MD5 checksum:   117380 4b508a87b1adf0df70b01776ac12ecde

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1292754 200fcc0ede095f3664278142a3616826
      Size/MD5 checksum:   134232 6d630d0cf31bca101414eaf85bfad676
      Size/MD5 checksum:    56568 8d36f2552a7a243830d686b341475ac5
      Size/MD5 checksum:   752122 a20851d31e0414e0f711483f7c0880b5
      Size/MD5 checksum:    67548 6d4d8d54045d3536382813636c772ddb
      Size/MD5 checksum:   107638 fa7e7f41400e0d1e6ab1a023f0b3680a

  Big endian MIPS architecture:
      Size/MD5 checksum:  1295080 7c56fcf5c91d7e150f5ffdd918a59f0d
      Size/MD5 checksum:   120514 0acf33b18ed3d13cb91123470ea119e3
      Size/MD5 checksum:    56542 f4059130ba28f7b5aaee65eb8b309034
      Size/MD5 checksum:   733268 72e09e1882693c1ce23b1e4af7bff832
      Size/MD5 checksum:    67536 5d8b6d466b1d196958fdb4af25aceac1
      Size/MD5 checksum:   103552 bedac29cebdb07de2cfcaacc74f2cd95

  Little endian MIPS architecture:
      Size/MD5 checksum:  1294986 d019d898ebf34e294d22de0961766cb1
      Size/MD5 checksum:   114194 a0938f3c642123d54eed414849c6a208
      Size/MD5 checksum:    56540 96a61a77e9f4586f376e426e9fd38f60
      Size/MD5 checksum:   721260 0d391b1dacecfe583be7475839b60f44
      Size/MD5 checksum:    67532 185ed4d1909ce47b330c2dcccf556cfa
      Size/MD5 checksum:   103082 71995a7aa491caf5934372dcbe5a0f25

  PowerPC architecture:
      Size/MD5 checksum:  1291654 8668dc869e092374cf065577efe0299c
      Size/MD5 checksum:   136166 3e82b082adb87fcac9d7de985c1e5569
      Size/MD5 checksum:    56530 477261d1d2ba7e708489e421f16f9169
      Size/MD5 checksum:   786508 94134153d2197af796b361570c0eabc8
      Size/MD5 checksum:    67524 d98810b21696d04234de762965538249
      Size/MD5 checksum:   112134 934550e0901466a6cde901ae495a3a22

  IBM S/390 architecture:
      Size/MD5 checksum:  1292328 718d9b153f4ef476c87d5edd7a49e17b
      Size/MD5 checksum:   132222 9884c69ac67a3bbdc816c3fa99754da7
      Size/MD5 checksum:    56522 4d78d6cf4bf65450c96a3b790253bfbe
      Size/MD5 checksum:   778350 8d9559caafcf89f5a3ac7ca176590868
      Size/MD5 checksum:    67526 bcc3415a9a8713de9090a02574619519
      Size/MD5 checksum:   109200 cd42c80bc62007d844e968cbbcdd552c

  Sun Sparc architecture:
      Size/MD5 checksum:  1295418 d4856270abcdd7f13edeb936b6fef130
      Size/MD5 checksum:   124058 398f89e2b26f3de378c8637a7918295d
      Size/MD5 checksum:    56536 401e2418f5e0467a873cc085c97f5cd6
      Size/MD5 checksum:   802868 058c06b4bba2b2a5349ff75444eaa236
      Size/MD5 checksum:    67526 bf83c12f85bfe35bcaefa60c8d2054d4
      Size/MD5 checksum:   113100 94154ee3f7695ecdaebb0a39548f4908

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"45","type":"x","order":"1","pct":80.36,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"6","type":"x","order":"2","pct":10.71,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.93,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.