Debian: New ImageMagick packages fix several vulnerabilities

    Date01 Apr 2005
    CategoryDebian
    5222
    Posted ByJoe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 702-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    April 1st, 2005                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : imagemagick
    Vulnerability  : several
    Problem-Type   : local (remote)
    Debian-specific: no
    CVE IDs        : CAN-2005-0397 CAN-2005-0759 CAN-2005-0760 CAN-2005-0762
    BugTraq ID     : 12875
    Debian Bug     : 297990
    
    Several vulnerabilities have been discovered in ImageMagick, a
    commonly used image manipulation library.  These problems can be
    exploited by a carefully crafted graphic image.  The Common
    Vulnerabilities and Exposures project identifies the following
    problems:
    
    CAN-2005-0397
    
        Tavis Ormandy discovered a format string vulnerability in the
        filename handling code which allows a remote attacker to cause a
        denial of service and possibly execute arbitrary code.
    
    CAN-2005-0759
    
        Andrei Nigmatulin discovered a denial of service condition which
        can be caused by an invalid tag in a TIFF image.
    
    CAN-2005-0760
    
        Andrei Nigmatulin discovered that the TIFF decoder is vulnerable
        to accessing memory out of bounds which will result in a
        segmentation fault.
    
    CAN-2005-0762
    
        Andrei Nigmatulin discovered a buffer overflow in the SGI parser
        which allows a remote attacker to execute arbitrary code via a
        specially crafted SGI image file.
    
    For the stable distribution (woody) these problems have been fixed in
    version 5.4.4.5-1woody6.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 6.0.6.2-2.2.
    
    We recommend that you upgrade your imagemagick package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6.dsc
          Size/MD5 checksum:      852 a15c9207799f081dd98137741ea6ff3a
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6.diff.gz
          Size/MD5 checksum:    16745 4d7ca7465c6ddccf2469daa50708bb10
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
          Size/MD5 checksum:  3901237 f35e356b4ac1ebc58e3cffa7ea7abc07
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_alpha.deb
          Size/MD5 checksum:  1309984 ba338db7c136e444624ea1baf4542882
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_alpha.deb
          Size/MD5 checksum:   154312 e84ecca66a19e9ab19c5cdccc7b50cf2
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_alpha.deb
          Size/MD5 checksum:    56504 97107fda4a8fdab9f94878dc0c64099f
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_alpha.deb
          Size/MD5 checksum:   833508 d509ef8f730fbb1859c25e80ed541631
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_alpha.deb
          Size/MD5 checksum:    67496 4cea2503f109812d1e9b15c59864a162
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_alpha.deb
          Size/MD5 checksum:   114002 c36b4b799a35aafdeea7e15812b9317f
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_arm.deb
          Size/MD5 checksum:  1297364 311a8c69fe6e5c9fb07cd46a9efe9b6c
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_arm.deb
          Size/MD5 checksum:   118998 7a4e8fbf7fc3c4ef0cd7a55a94aedebb
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_arm.deb
          Size/MD5 checksum:    56568 6d15686630d656bde0154bc2198737e9
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_arm.deb
          Size/MD5 checksum:   898982 99b8e3cd11b6628d5bc8b1ce3631661a
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_arm.deb
          Size/MD5 checksum:    67566 64d6832600f49dd5cc521200d6a3aaff
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_arm.deb
          Size/MD5 checksum:   110130 a1183bf2e0f132242e12e61ff2709579
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_i386.deb
          Size/MD5 checksum:  1294944 68e814230b7f1d9541b6425a308202ad
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_i386.deb
          Size/MD5 checksum:   122958 1e8124a2a00f4313f53fed519f597934
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_i386.deb
          Size/MD5 checksum:    56520 93d4e5a3fe8b73186144c3c32da1c7a5
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_i386.deb
          Size/MD5 checksum:   772790 b7aa7c91e2f0ccc8459659e50d2c3e29
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_i386.deb
          Size/MD5 checksum:    67516 bb9f2f32b01674c9251b3384a7ea7ecb
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_i386.deb
          Size/MD5 checksum:   107116 62dd2d24f082e40ee99ad34804571732
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_ia64.deb
          Size/MD5 checksum:  1336402 6b3759a5668e38fffbe4d7b42815fce9
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_ia64.deb
          Size/MD5 checksum:   137224 d14afd94727d4adc452acff048e6532c
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_ia64.deb
          Size/MD5 checksum:    56492 c1449b54caaa5cb44522b4e1bf726100
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_ia64.deb
          Size/MD5 checksum:  1360250 f6a07a004cdde46a4ca63e9342c2c263
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_ia64.deb
          Size/MD5 checksum:    67496 34645b0a4d2e91a1e3e5be40f79b7831
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_ia64.deb
          Size/MD5 checksum:   133128 fc4146c8b9e40d7d1fafc446cfe9f5f9
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_hppa.deb
          Size/MD5 checksum:  1297598 439b7582db0bf3d81ecb07828d0f2193
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_hppa.deb
          Size/MD5 checksum:   133080 839a81effa97b63cc94c1d017be5a111
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_hppa.deb
          Size/MD5 checksum:    56538 8b3d64f7b275b6b162a3b5ab8c308f87
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_hppa.deb
          Size/MD5 checksum:   860082 9b1af5e4b8bbec6e444b4c064eca20db
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_hppa.deb
          Size/MD5 checksum:    67536 81ff1905a0cc25a08c7933854c8870b5
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_hppa.deb
          Size/MD5 checksum:   117380 4b508a87b1adf0df70b01776ac12ecde
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_m68k.deb
          Size/MD5 checksum:  1292754 200fcc0ede095f3664278142a3616826
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_m68k.deb
          Size/MD5 checksum:   134232 6d630d0cf31bca101414eaf85bfad676
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_m68k.deb
          Size/MD5 checksum:    56568 8d36f2552a7a243830d686b341475ac5
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_m68k.deb
          Size/MD5 checksum:   752122 a20851d31e0414e0f711483f7c0880b5
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_m68k.deb
          Size/MD5 checksum:    67548 6d4d8d54045d3536382813636c772ddb
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_m68k.deb
          Size/MD5 checksum:   107638 fa7e7f41400e0d1e6ab1a023f0b3680a
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_mips.deb
          Size/MD5 checksum:  1295080 7c56fcf5c91d7e150f5ffdd918a59f0d
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_mips.deb
          Size/MD5 checksum:   120514 0acf33b18ed3d13cb91123470ea119e3
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_mips.deb
          Size/MD5 checksum:    56542 f4059130ba28f7b5aaee65eb8b309034
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_mips.deb
          Size/MD5 checksum:   733268 72e09e1882693c1ce23b1e4af7bff832
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_mips.deb
          Size/MD5 checksum:    67536 5d8b6d466b1d196958fdb4af25aceac1
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_mips.deb
          Size/MD5 checksum:   103552 bedac29cebdb07de2cfcaacc74f2cd95
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_mipsel.deb
          Size/MD5 checksum:  1294986 d019d898ebf34e294d22de0961766cb1
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_mipsel.deb
          Size/MD5 checksum:   114194 a0938f3c642123d54eed414849c6a208
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_mipsel.deb
          Size/MD5 checksum:    56540 96a61a77e9f4586f376e426e9fd38f60
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_mipsel.deb
          Size/MD5 checksum:   721260 0d391b1dacecfe583be7475839b60f44
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_mipsel.deb
          Size/MD5 checksum:    67532 185ed4d1909ce47b330c2dcccf556cfa
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_mipsel.deb
          Size/MD5 checksum:   103082 71995a7aa491caf5934372dcbe5a0f25
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_powerpc.deb
          Size/MD5 checksum:  1291654 8668dc869e092374cf065577efe0299c
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_powerpc.deb
          Size/MD5 checksum:   136166 3e82b082adb87fcac9d7de985c1e5569
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_powerpc.deb
          Size/MD5 checksum:    56530 477261d1d2ba7e708489e421f16f9169
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_powerpc.deb
          Size/MD5 checksum:   786508 94134153d2197af796b361570c0eabc8
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_powerpc.deb
          Size/MD5 checksum:    67524 d98810b21696d04234de762965538249
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_powerpc.deb
          Size/MD5 checksum:   112134 934550e0901466a6cde901ae495a3a22
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_s390.deb
          Size/MD5 checksum:  1292328 718d9b153f4ef476c87d5edd7a49e17b
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_s390.deb
          Size/MD5 checksum:   132222 9884c69ac67a3bbdc816c3fa99754da7
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_s390.deb
          Size/MD5 checksum:    56522 4d78d6cf4bf65450c96a3b790253bfbe
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_s390.deb
          Size/MD5 checksum:   778350 8d9559caafcf89f5a3ac7ca176590868
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_s390.deb
          Size/MD5 checksum:    67526 bcc3415a9a8713de9090a02574619519
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_s390.deb
          Size/MD5 checksum:   109200 cd42c80bc62007d844e968cbbcdd552c
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_sparc.deb
          Size/MD5 checksum:  1295418 d4856270abcdd7f13edeb936b6fef130
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_sparc.deb
          Size/MD5 checksum:   124058 398f89e2b26f3de378c8637a7918295d
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_sparc.deb
          Size/MD5 checksum:    56536 401e2418f5e0467a873cc085c97f5cd6
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_sparc.deb
          Size/MD5 checksum:   802868 058c06b4bba2b2a5349ff75444eaa236
        http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_sparc.deb
          Size/MD5 checksum:    67526 bf83c12f85bfe35bcaefa60c8d2054d4
        http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_sparc.deb
          Size/MD5 checksum:   113100 94154ee3f7695ecdaebb0a39548f4908
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"67","type":"x","order":"1","pct":57.76,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":12.93,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.31,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.