Ubuntu: imagemagick vulnerabilities

    Date16 Oct 2006
    CategoryUbuntu
    2361
    Posted ByLinuxSecurity Advisories
    Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users' privileges.
    =========================================================== 
    Ubuntu Security Notice USN-340-1         September 06, 2006
    imagemagick vulnerabilities
    CVE-2006-3743, CVE-2006-3744
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 5.04
    Ubuntu 5.10
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 5.04:
      libmagick6                               6:6.0.6.2-2.1ubuntu1.4
    
    Ubuntu 5.10:
      libmagick6                               6:6.2.3.4-1ubuntu1.3
    
    Ubuntu 6.06 LTS:
      libmagick9                               6:6.2.4.5-0.6ubuntu0.2
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Tavis Ormandy discovered several buffer overflows in imagemagick's Sun
    Raster and XCF (Gimp) image decoders. By tricking a user or automated
    system into processing a specially crafted image, this could be
    exploited to execute arbitrary code with the users' privileges.
    
    
    Updated packages for Ubuntu 5.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4.diff.gz
          Size/MD5:   143874 bd710b48cad9d3d0266fa4dcd5523a48
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4.dsc
          Size/MD5:      899 e531cba19eb8e41c60e101cc6e79a486
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
          Size/MD5:  6824001 477a361ba0154cc2423726fab4a3f57c
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_amd64.deb
          Size/MD5:  1466542 7f9e75099eed68669d5784876ae6066b
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_amd64.deb
          Size/MD5:   229066 0db412e0a3bcf57d371eabbe1913fd24
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_amd64.deb
          Size/MD5:   163878 3134724644ad57be626b8ff613a4c835
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_amd64.deb
          Size/MD5:  1551292 62abe53d84248daa41b5c851a3497c7a
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_amd64.deb
          Size/MD5:  1195038 201931b29c9950dd1027bfe217be6462
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_amd64.deb
          Size/MD5:   232130 b854f8b1de8e335d3e4e4d16ddce8cf8
    
      i386 architecture (x86 compatible Intel/AMD)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_i386.deb
          Size/MD5:  1465282 3c6d5443fe05ec3975766b03b3c763ef
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_i386.deb
          Size/MD5:   209096 eb535269e229ebfbd222bb956bdb7e6a
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_i386.deb
          Size/MD5:   164478 8dee42e92a08db66e02d7c6907fed68b
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_i386.deb
          Size/MD5:  1453974 fc61c840f10cebd266617dd8350d06a1
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_i386.deb
          Size/MD5:  1140640 e09d81a8c7816587cc3499043f4443cc
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_i386.deb
          Size/MD5:   232508 f1ab150d2419681e6766748ca7cdabeb
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_powerpc.deb
          Size/MD5:  1471972 ba92c6f99f9dbad7941cfe7904fc4c9d
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_powerpc.deb
          Size/MD5:   228064 8264660aa7e900a5b229211d2ab6fe95
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_powerpc.deb
          Size/MD5:   157060 4c490ebe8e9ea43b64c60fa4925b69c9
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_powerpc.deb
          Size/MD5:  1686208 3d22a7499735de8d09c52bdea473cfab
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_powerpc.deb
          Size/MD5:  1169978 9d3f855e0683a6e7769cdd532f8f3975
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_powerpc.deb
          Size/MD5:   270880 5b8ea03a3203cb9d76cfe2b423e47464
    
    Updated packages for Ubuntu 5.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3.diff.gz
          Size/MD5:   143292 a6c6e92f30a8a62c2f309889ccdf127e
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3.dsc
          Size/MD5:      899 8243dd001de2172bf8cb1e4c28feeed8
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4.orig.tar.gz
          Size/MD5:  5769194 7e9a3edd467a400a74126eb4a18e31ef
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_amd64.deb
          Size/MD5:  1333894 ef56ee172d0cbb7c7b3cef82c9ee03ee
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_amd64.deb
          Size/MD5:   259336 bdad8c4e22b7d26393f31d8f90a06e15
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_amd64.deb
          Size/MD5:   171398 195c91188443422b9f58b8e10fe8362c
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_amd64.deb
          Size/MD5:  1670736 35a690079e1c0304ba7f85b27a7a38fa
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_amd64.deb
          Size/MD5:  1320416 9df057b70b2e090f32198815726f468a
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_amd64.deb
          Size/MD5:   169418 40245a5d603fdf86d74c04a5b119e730
    
      i386 architecture (x86 compatible Intel/AMD)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_i386.deb
          Size/MD5:  1332870 43996727c09d0731c140f0cd211a46f3
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_i386.deb
          Size/MD5:   235760 3a1052372a9c8216d940f73012944aad
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_i386.deb
          Size/MD5:   170648 74558cf36b88a099f5e4dfb76974c86f
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_i386.deb
          Size/MD5:  1521778 e3acb57b6d90aae20e3a26dc8962a45f
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_i386.deb
          Size/MD5:  1224274 a59c665803b450a8cc91db7353cc6883
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_i386.deb
          Size/MD5:   164720 d6249157f6bbe9908d863728a920b9b8
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_powerpc.deb
          Size/MD5:  1337722 e2137e6a371c985bc4b5e6f83fd58b21
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_powerpc.deb
          Size/MD5:   260278 dcd0a323ba23dd3bb5b702ec3aa8825d
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_powerpc.deb
          Size/MD5:   163906 33c052c757665c20a40ae1ce39b718c8
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_powerpc.deb
          Size/MD5:  1874192 ae37d509a273a974b90e5337027da8f2
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_powerpc.deb
          Size/MD5:  1258020 92e4fc65e39cd6ccfe6311e8b0ad4ddc
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_powerpc.deb
          Size/MD5:   163864 4e43a897b67d0fa938cd676fd0778d32
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_sparc.deb
          Size/MD5:  1333086 8b2ef320547ab41b906dd10a717023e3
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_sparc.deb
          Size/MD5:   236926 00bdd59a73387766501db7e585a5f64e
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_sparc.deb
          Size/MD5:   168758 59db7fd855648fbef9608d9a5ff5681c
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_sparc.deb
          Size/MD5:  1782006 5fdbe61fa9b4d2b398e8784cd1248dcc
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_sparc.deb
          Size/MD5:  1323562 4836a4cdd037cf30d3c7c0fa27884b2e
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_sparc.deb
          Size/MD5:   166172 b3221914a5a54cacdde143a67be8b742
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2.diff.gz
          Size/MD5:    34590 249b4fe9ed75b1e0abcf9956dc3ddab0
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2.dsc
          Size/MD5:      916 2bb38f32d3c2580682cfa2a8e69ef324
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz
          Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_amd64.deb
          Size/MD5:  1615846 73d81c2ba3172e54bc6743b5b335e240
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_amd64.deb
          Size/MD5:   249128 c894ddd5a0e1e3e0a93e52ca10e41592
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_amd64.deb
          Size/MD5:   170050 210554ce3ebf4958db65abc22886a604
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_amd64.deb
          Size/MD5:  1702182 ff4b37412322f4e17c360b90acd21d86
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_amd64.deb
          Size/MD5:  1347584 9c0e4ac80a3af279ac3bcb4ce5f20cc5
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_amd64.deb
          Size/MD5:   171700 69bc5febb49cfb2082897beac7137ef4
    
      i386 architecture (x86 compatible Intel/AMD)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_i386.deb
          Size/MD5:  1614570 a11713f48746d737a030a9952c932453
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_i386.deb
          Size/MD5:   226878 e2a19eb162016210faf2a0114e24c373
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_i386.deb
          Size/MD5:   168172 e7d47bf2bd7e52362b0b6f3163552aff
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_i386.deb
          Size/MD5:  1555620 eb28867580922dd40a17229f44e05d2d
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_i386.deb
          Size/MD5:  1246668 5db32ffab79ac41cc59ccc4031f07296
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_i386.deb
          Size/MD5:   167086 d18e7867ec2a7525dd506cb2d1a622fb
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_powerpc.deb
          Size/MD5:  1619566 a7482b2b79145d9057dd7e9732ab5f3f
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_powerpc.deb
          Size/MD5:   251276 e83357186921572b87655690278b1213
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_powerpc.deb
          Size/MD5:   162204 e7308053ac5829460a013872b8b1cc49
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_powerpc.deb
          Size/MD5:  1905462 cb7f66550b75283eda721835ab4c932e
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_powerpc.deb
          Size/MD5:  1283510 184890bdf2b5d49f58979e58c31f2128
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_powerpc.deb
          Size/MD5:   166092 ccaaf9aec42105b3f5a7af4e4e57a60c
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_sparc.deb
          Size/MD5:  1615182 029dc2b26ee3f43c351d194edb594f51
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_sparc.deb
          Size/MD5:   229030 1fdd60f6c3c0d5129f3a371c981d15a0
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_sparc.deb
          Size/MD5:   167030 8be206f32a61cf973660b5f06d53c2e9
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_sparc.deb
          Size/MD5:  1807156 0b98f302cb8303b0cedbadd04d89444a
        http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_sparc.deb
          Size/MD5:  1343110 3ecfeb730455ebca16d786e0bd403610
        http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_sparc.deb
          Size/MD5:   168794 7ceaa705e2fbbd0f664e8fcfc98bd648
    
    
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"56","title":"No","votes":"0","type":"x","order":"2","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.