--------------------------------------------------------------------------
Debian Security Advisory DSA 547-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
September 16th, 2004                     Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : imagemagic
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0827
Debian Bug     : 268357

Marcus Meissner from SUSE has discovered several buffer overflows in
the ImageMagick graphics library.  An attacker could create a
malicious image or video file in AVI, BMP, or DIB format that could
crash the reading process.  It might be possible that carefully
crafted images could also allow to execute arbitrary code with the
capabilities of the invoking process.

For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody3.

For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      
      Size/MD5 checksum:      852 bd30219ef391bf92ddd1d9440bb204c8
      
      Size/MD5 checksum:    15029 919a9ce109d79cbd46be07600659ad23
      
      Size/MD5 checksum:  3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

  Alpha architecture:

      
      Size/MD5 checksum:  1309670 da500b46b1267ff4d03976e308065acd
      
      Size/MD5 checksum:   154074 6971608db558ff0782c3ad0ae009462c
      
      Size/MD5 checksum:    56140 092caa97de894d81df0140dd2b28dae4
      
      Size/MD5 checksum:   833318 10bbbd147658ead4decfda1df4e18a1d
      
      Size/MD5 checksum:    67182 12ff257149eabf085a6dfce68053f402
      
      Size/MD5 checksum:   113698 9f081ff178091a2e608d067790d01436

  ARM architecture:

      
      Size/MD5 checksum:  1296992 05fa897edf7b0d89995491f4ba449688
      
      Size/MD5 checksum:   118588 6f9a48ee452713a8e55ab41be4ef470c
      
      Size/MD5 checksum:    56186 1ad5494d3584fcc8a0a5b80b8a393c03
      
      Size/MD5 checksum:   898494 f07051e3c12c743335abf1a0485cf03c
      
      Size/MD5 checksum:    67226 fdf2758a658b2327166a757e69b47851
      
      Size/MD5 checksum:   109822 9b76a15b68ae88c118c589e33db86b96

  Intel IA-32 architecture:

      
      Size/MD5 checksum:  1295002 649843a11bd6e67e716a7b428a003ed7
      
      Size/MD5 checksum:   122680 df5253599920dcc08e930b9fb066f5ab
      
      Size/MD5 checksum:    56154 c88abf1babb06cbf1fb331867e07b0f7
      
      Size/MD5 checksum:   772402 b4af59f9a6b39ba622f7044a6c803098
      
      Size/MD5 checksum:    67192 93da49b34877c0d0a1cc5401d015f3ec
      
      Size/MD5 checksum:   106814 31e28aa6bb9018089636a765542292f4

  Intel IA-64 architecture:

      
      Size/MD5 checksum:  1336076 83a4c1a3cb25f72329af8c1911155364
      
      Size/MD5 checksum:   136966 32bcfb89db6ef6303259b89690f6b34a
      
      Size/MD5 checksum:    56144 cc7a6e8c841953f5c2f28172f3339bdf
      
      Size/MD5 checksum:  1359876 b859f2de467d20bc88a49d5255113518
      
      Size/MD5 checksum:    67184 b1c6c79044eaee12ea665e838173e644
      
      Size/MD5 checksum:   132808 64357db2d047e28efb6ecf34712f81d4

  HP Precision architecture:

      
      Size/MD5 checksum:  1297246 d91a93010d0a9b06ef2e7e7c24067eab
      
      Size/MD5 checksum:   132754 d94ce1833a7622ec7cb1e87e1f7d4d1f
      
      Size/MD5 checksum:    56178 227dc8a44dec7c8f5ffd7d04d007bf5a
      
      Size/MD5 checksum:   859610 5e31aa4f3847a122c9b028a7e4cc53c2
      
      Size/MD5 checksum:    67224 1aa9441ecd0df3be9c9c521c023235f4
      
      Size/MD5 checksum:   117068 569cddc344832c2651a09302adcb4be9

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:  1292374 d33d961d168fa1da3e81258593f6cad1
      
      Size/MD5 checksum:   133904 818babd031d9464983228be672f3ba63
      
      Size/MD5 checksum:    56194 62f0e0c37d37def3276b472748baf09c
      
      Size/MD5 checksum:   751662 f15c730f9e533099c4a4fffc43b97320
      
      Size/MD5 checksum:    67248 e745b4e81854b018b410351f06d4f9f5
      
      Size/MD5 checksum:   107322 00fa726acbc7db8761babcf7c3f12b6c

  Big endian MIPS architecture:

      
      Size/MD5 checksum:  1294824 e1c5c5962301328b006f84d9f4552473
      
      Size/MD5 checksum:   120156 e8682a8b9ae6add5268a36d40c7cf60c
      
      Size/MD5 checksum:    56204 39898ed1a2842b4af52cecb46dc11e01
      
      Size/MD5 checksum:   732964 a4fb5327892e275223584dac87fd5f70
      
      Size/MD5 checksum:    67238 08cab47dc272d5c79268616d4cfdafc4
      
      Size/MD5 checksum:   103238 74db9479973dd03fa2043b86c09e6f54

  Little endian MIPS architecture:

      
      Size/MD5 checksum:  1294630 0567612bd39cbb9e112305e981f3dddb
      
      Size/MD5 checksum:   113644 9f02d8c68dc3a3ec3ac1a0bbefaf3cd4
      
      Size/MD5 checksum:    56188 197d278743e9a63d2965debf6307e229
      
      Size/MD5 checksum:   720946 267d45b9082758cb6d248d4835d7a906
      
      Size/MD5 checksum:    67222 9288acd5cf8e0d954a698a57490bdf9f
      
      Size/MD5 checksum:   102766 8c1f9380559702fc5763cc3591d289a6

  PowerPC architecture:

      
      Size/MD5 checksum:  1291356 13b81750624a3251a6bf6c73a41ddffc
      
      Size/MD5 checksum:   135816 6bb64246e67de0778d6f92f126e6cedd
      
      Size/MD5 checksum:    56162 7f8990171bc17c386d1fd59f76d8d0f5
      
      Size/MD5 checksum:   785946 30216abae843bfb90a40ed0e54899648
      
      Size/MD5 checksum:    67212 a42b2482a1cabaeaba2a0464bd50d197
      
      Size/MD5 checksum:   111830 a2b06d2e30c5acb8384896d66cd6ec56

  IBM S/390 architecture:

      
      Size/MD5 checksum:  1292026 87ad365ff0f76a959d15e6791099861e
      
      Size/MD5 checksum:   131922 b592d2de28c42fad73003745620ba6a6
      
      Size/MD5 checksum:    56168 27d05d99677a8f05814991d6c54d3125
      
      Size/MD5 checksum:   777904 28d8e1d90473b7fd9de7008133826106
      
      Size/MD5 checksum:    67210 bc6bc6951ac1845ad2c2576ba12b4144
      
      Size/MD5 checksum:   108872 3a9b40bd966e82e72b6083933257b108

  Sun Sparc architecture:

      
      Size/MD5 checksum:  1295066 75a65f7dc635c36b0e106f320fc003b9
      
      Size/MD5 checksum:   123762 f1e8dd9d054f5c6720ef3a72e9292956
      
      Size/MD5 checksum:    56180 aab8608e0ebb8bfb114517afb32731bf
      
      Size/MD5 checksum:   802498 afed76b4789398a8844af142ded2612c
      
      Size/MD5 checksum:    67216 99ac5d6fd3dabef7acec81b29a90fc9c
      
      Size/MD5 checksum:   112778 b263339035dad232832a8b48dc221ed8


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: imagemagic buffer overflows

September 16, 2004
Marcus Meissner from SUSE has discovered several buffer overflows inthe ImageMagick graphics library.

Summary

Marcus Meissner from SUSE has discovered several buffer overflows in
the ImageMagick graphics library. An attacker could create a
malicious image or video file in AVI, BMP, or DIB format that could
crash the reading process. It might be possible that carefully
crafted images could also allow to execute arbitrary code with the
capabilities of the invoking process.

For the stable distribution (woody) this problem has been fixed in
version 5.4.4.5-1woody3.

For the unstable distribution (sid) this problem has been fixed in
version 6.0.6.2-1.

We recommend that you upgrade your imagemagick packages.


Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:


Size/MD5 checksum: 852 bd30219ef391bf92ddd1d9440bb204c8

Size/MD5 checksum: 15029 919a9ce109d79cbd46be07600659ad23

Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

Alpha architecture:


Size/MD5 checksum: 1309670 da500b46b1267ff4d03976e308065acd

Size/MD5 checksum: 154074 6971608db558ff0782c3ad0ae009462c

Size/MD5 checksum: 56140 092caa97de894d81df0140dd2b28dae4

Size/MD5 checksum: 833318 10bbbd147658ead4decfda1df4e18a1d

Size/MD5 checksum: 67182 12ff257149eabf085a6dfce68053f402

Size/MD5 checksum: 113698 9f081ff178091a2e608d067790d01436

ARM architecture:


Size/MD5 checksum: 1296992 05fa897edf7b0d89995491f4ba449688

Size/MD5 checksum: 118588 6f9a48ee452713a8e55ab41be4ef470c

Size/MD5 checksum: 56186 1ad5494d3584fcc8a0a5b80b8a393c03

Size/MD5 checksum: 898494 f07051e3c12c743335abf1a0485cf03c

Size/MD5 checksum: 67226 fdf2758a658b2327166a757e69b47851

Size/MD5 checksum: 109822 9b76a15b68ae88c118c589e33db86b96

Intel IA-32 architecture:


Size/MD5 checksum: 1295002 649843a11bd6e67e716a7b428a003ed7

Size/MD5 checksum: 122680 df5253599920dcc08e930b9fb066f5ab

Size/MD5 checksum: 56154 c88abf1babb06cbf1fb331867e07b0f7

Size/MD5 checksum: 772402 b4af59f9a6b39ba622f7044a6c803098

Size/MD5 checksum: 67192 93da49b34877c0d0a1cc5401d015f3ec

Size/MD5 checksum: 106814 31e28aa6bb9018089636a765542292f4

Intel IA-64 architecture:


Size/MD5 checksum: 1336076 83a4c1a3cb25f72329af8c1911155364

Size/MD5 checksum: 136966 32bcfb89db6ef6303259b89690f6b34a

Size/MD5 checksum: 56144 cc7a6e8c841953f5c2f28172f3339bdf

Size/MD5 checksum: 1359876 b859f2de467d20bc88a49d5255113518

Size/MD5 checksum: 67184 b1c6c79044eaee12ea665e838173e644

Size/MD5 checksum: 132808 64357db2d047e28efb6ecf34712f81d4

HP Precision architecture:


Size/MD5 checksum: 1297246 d91a93010d0a9b06ef2e7e7c24067eab

Size/MD5 checksum: 132754 d94ce1833a7622ec7cb1e87e1f7d4d1f

Size/MD5 checksum: 56178 227dc8a44dec7c8f5ffd7d04d007bf5a

Size/MD5 checksum: 859610 5e31aa4f3847a122c9b028a7e4cc53c2

Size/MD5 checksum: 67224 1aa9441ecd0df3be9c9c521c023235f4

Size/MD5 checksum: 117068 569cddc344832c2651a09302adcb4be9

Motorola 680x0 architecture:


Size/MD5 checksum: 1292374 d33d961d168fa1da3e81258593f6cad1

Size/MD5 checksum: 133904 818babd031d9464983228be672f3ba63

Size/MD5 checksum: 56194 62f0e0c37d37def3276b472748baf09c

Size/MD5 checksum: 751662 f15c730f9e533099c4a4fffc43b97320

Size/MD5 checksum: 67248 e745b4e81854b018b410351f06d4f9f5

Size/MD5 checksum: 107322 00fa726acbc7db8761babcf7c3f12b6c

Big endian MIPS architecture:


Size/MD5 checksum: 1294824 e1c5c5962301328b006f84d9f4552473

Size/MD5 checksum: 120156 e8682a8b9ae6add5268a36d40c7cf60c

Size/MD5 checksum: 56204 39898ed1a2842b4af52cecb46dc11e01

Size/MD5 checksum: 732964 a4fb5327892e275223584dac87fd5f70

Size/MD5 checksum: 67238 08cab47dc272d5c79268616d4cfdafc4

Size/MD5 checksum: 103238 74db9479973dd03fa2043b86c09e6f54

Little endian MIPS architecture:


Size/MD5 checksum: 1294630 0567612bd39cbb9e112305e981f3dddb

Size/MD5 checksum: 113644 9f02d8c68dc3a3ec3ac1a0bbefaf3cd4

Size/MD5 checksum: 56188 197d278743e9a63d2965debf6307e229

Size/MD5 checksum: 720946 267d45b9082758cb6d248d4835d7a906

Size/MD5 checksum: 67222 9288acd5cf8e0d954a698a57490bdf9f

Size/MD5 checksum: 102766 8c1f9380559702fc5763cc3591d289a6

PowerPC architecture:


Size/MD5 checksum: 1291356 13b81750624a3251a6bf6c73a41ddffc

Size/MD5 checksum: 135816 6bb64246e67de0778d6f92f126e6cedd

Size/MD5 checksum: 56162 7f8990171bc17c386d1fd59f76d8d0f5

Size/MD5 checksum: 785946 30216abae843bfb90a40ed0e54899648

Size/MD5 checksum: 67212 a42b2482a1cabaeaba2a0464bd50d197

Size/MD5 checksum: 111830 a2b06d2e30c5acb8384896d66cd6ec56

IBM S/390 architecture:


Size/MD5 checksum: 1292026 87ad365ff0f76a959d15e6791099861e

Size/MD5 checksum: 131922 b592d2de28c42fad73003745620ba6a6

Size/MD5 checksum: 56168 27d05d99677a8f05814991d6c54d3125

Size/MD5 checksum: 777904 28d8e1d90473b7fd9de7008133826106

Size/MD5 checksum: 67210 bc6bc6951ac1845ad2c2576ba12b4144

Size/MD5 checksum: 108872 3a9b40bd966e82e72b6083933257b108

Sun Sparc architecture:


Size/MD5 checksum: 1295066 75a65f7dc635c36b0e106f320fc003b9

Size/MD5 checksum: 123762 f1e8dd9d054f5c6720ef3a72e9292956

Size/MD5 checksum: 56180 aab8608e0ebb8bfb114517afb32731bf

Size/MD5 checksum: 802498 afed76b4789398a8844af142ded2612c

Size/MD5 checksum: 67216 99ac5d6fd3dabef7acec81b29a90fc9c

Size/MD5 checksum: 112778 b263339035dad232832a8b48dc221ed8


These files will probably be moved into the stable distribution on
its next update.

Severity
Package : imagemagic
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0827
Debian Bug : 268357

Related News