LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: imagemagick vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users' privileges.
=========================================================== 
Ubuntu Security Notice USN-340-1         September 06, 2006
imagemagick vulnerabilities
CVE-2006-3743, CVE-2006-3744
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libmagick6                               6:6.0.6.2-2.1ubuntu1.4

Ubuntu 5.10:
  libmagick6                               6:6.2.3.4-1ubuntu1.3

Ubuntu 6.06 LTS:
  libmagick9                               6:6.2.4.5-0.6ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered several buffer overflows in imagemagick's Sun
Raster and XCF (Gimp) image decoders. By tricking a user or automated
system into processing a specially crafted image, this could be
exploited to execute arbitrary code with the users' privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4.diff.gz
      Size/MD5:   143874 bd710b48cad9d3d0266fa4dcd5523a48
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4.dsc
      Size/MD5:      899 e531cba19eb8e41c60e101cc6e79a486
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
      Size/MD5:  6824001 477a361ba0154cc2423726fab4a3f57c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_amd64.deb
      Size/MD5:  1466542 7f9e75099eed68669d5784876ae6066b
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_amd64.deb
      Size/MD5:   229066 0db412e0a3bcf57d371eabbe1913fd24
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_amd64.deb
      Size/MD5:   163878 3134724644ad57be626b8ff613a4c835
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_amd64.deb
      Size/MD5:  1551292 62abe53d84248daa41b5c851a3497c7a
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_amd64.deb
      Size/MD5:  1195038 201931b29c9950dd1027bfe217be6462
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_amd64.deb
      Size/MD5:   232130 b854f8b1de8e335d3e4e4d16ddce8cf8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_i386.deb
      Size/MD5:  1465282 3c6d5443fe05ec3975766b03b3c763ef
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_i386.deb
      Size/MD5:   209096 eb535269e229ebfbd222bb956bdb7e6a
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_i386.deb
      Size/MD5:   164478 8dee42e92a08db66e02d7c6907fed68b
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_i386.deb
      Size/MD5:  1453974 fc61c840f10cebd266617dd8350d06a1
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_i386.deb
      Size/MD5:  1140640 e09d81a8c7816587cc3499043f4443cc
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_i386.deb
      Size/MD5:   232508 f1ab150d2419681e6766748ca7cdabeb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.6.2-2.1ubuntu1.4_powerpc.deb
      Size/MD5:  1471972 ba92c6f99f9dbad7941cfe7904fc4c9d
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.1ubuntu1.4_powerpc.deb
      Size/MD5:   228064 8264660aa7e900a5b229211d2ab6fe95
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.6.2-2.1ubuntu1.4_powerpc.deb
      Size/MD5:   157060 4c490ebe8e9ea43b64c60fa4925b69c9
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.1ubuntu1.4_powerpc.deb
      Size/MD5:  1686208 3d22a7499735de8d09c52bdea473cfab
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.6.2-2.1ubuntu1.4_powerpc.deb
      Size/MD5:  1169978 9d3f855e0683a6e7769cdd532f8f3975
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.6.2-2.1ubuntu1.4_powerpc.deb
      Size/MD5:   270880 5b8ea03a3203cb9d76cfe2b423e47464

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3.diff.gz
      Size/MD5:   143292 a6c6e92f30a8a62c2f309889ccdf127e
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3.dsc
      Size/MD5:      899 8243dd001de2172bf8cb1e4c28feeed8
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4.orig.tar.gz
      Size/MD5:  5769194 7e9a3edd467a400a74126eb4a18e31ef

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_amd64.deb
      Size/MD5:  1333894 ef56ee172d0cbb7c7b3cef82c9ee03ee
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_amd64.deb
      Size/MD5:   259336 bdad8c4e22b7d26393f31d8f90a06e15
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_amd64.deb
      Size/MD5:   171398 195c91188443422b9f58b8e10fe8362c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_amd64.deb
      Size/MD5:  1670736 35a690079e1c0304ba7f85b27a7a38fa
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_amd64.deb
      Size/MD5:  1320416 9df057b70b2e090f32198815726f468a
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_amd64.deb
      Size/MD5:   169418 40245a5d603fdf86d74c04a5b119e730

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_i386.deb
      Size/MD5:  1332870 43996727c09d0731c140f0cd211a46f3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_i386.deb
      Size/MD5:   235760 3a1052372a9c8216d940f73012944aad
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_i386.deb
      Size/MD5:   170648 74558cf36b88a099f5e4dfb76974c86f
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_i386.deb
      Size/MD5:  1521778 e3acb57b6d90aae20e3a26dc8962a45f
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_i386.deb
      Size/MD5:  1224274 a59c665803b450a8cc91db7353cc6883
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_i386.deb
      Size/MD5:   164720 d6249157f6bbe9908d863728a920b9b8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_powerpc.deb
      Size/MD5:  1337722 e2137e6a371c985bc4b5e6f83fd58b21
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_powerpc.deb
      Size/MD5:   260278 dcd0a323ba23dd3bb5b702ec3aa8825d
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_powerpc.deb
      Size/MD5:   163906 33c052c757665c20a40ae1ce39b718c8
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_powerpc.deb
      Size/MD5:  1874192 ae37d509a273a974b90e5337027da8f2
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_powerpc.deb
      Size/MD5:  1258020 92e4fc65e39cd6ccfe6311e8b0ad4ddc
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_powerpc.deb
      Size/MD5:   163864 4e43a897b67d0fa938cd676fd0778d32

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.3.4-1ubuntu1.3_sparc.deb
      Size/MD5:  1333086 8b2ef320547ab41b906dd10a717023e3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.2.3.4-1ubuntu1.3_sparc.deb
      Size/MD5:   236926 00bdd59a73387766501db7e585a5f64e
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6c2_6.2.3.4-1ubuntu1.3_sparc.deb
      Size/MD5:   168758 59db7fd855648fbef9608d9a5ff5681c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.2.3.4-1ubuntu1.3_sparc.deb
      Size/MD5:  1782006 5fdbe61fa9b4d2b398e8784cd1248dcc
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.2.3.4-1ubuntu1.3_sparc.deb
      Size/MD5:  1323562 4836a4cdd037cf30d3c7c0fa27884b2e
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.3.4-1ubuntu1.3_sparc.deb
      Size/MD5:   166172 b3221914a5a54cacdde143a67be8b742

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2.diff.gz
      Size/MD5:    34590 249b4fe9ed75b1e0abcf9956dc3ddab0
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2.dsc
      Size/MD5:      916 2bb38f32d3c2580682cfa2a8e69ef324
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz
      Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_amd64.deb
      Size/MD5:  1615846 73d81c2ba3172e54bc6743b5b335e240
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_amd64.deb
      Size/MD5:   249128 c894ddd5a0e1e3e0a93e52ca10e41592
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_amd64.deb
      Size/MD5:   170050 210554ce3ebf4958db65abc22886a604
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_amd64.deb
      Size/MD5:  1702182 ff4b37412322f4e17c360b90acd21d86
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_amd64.deb
      Size/MD5:  1347584 9c0e4ac80a3af279ac3bcb4ce5f20cc5
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_amd64.deb
      Size/MD5:   171700 69bc5febb49cfb2082897beac7137ef4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_i386.deb
      Size/MD5:  1614570 a11713f48746d737a030a9952c932453
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_i386.deb
      Size/MD5:   226878 e2a19eb162016210faf2a0114e24c373
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_i386.deb
      Size/MD5:   168172 e7d47bf2bd7e52362b0b6f3163552aff
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_i386.deb
      Size/MD5:  1555620 eb28867580922dd40a17229f44e05d2d
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_i386.deb
      Size/MD5:  1246668 5db32ffab79ac41cc59ccc4031f07296
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_i386.deb
      Size/MD5:   167086 d18e7867ec2a7525dd506cb2d1a622fb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_powerpc.deb
      Size/MD5:  1619566 a7482b2b79145d9057dd7e9732ab5f3f
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_powerpc.deb
      Size/MD5:   251276 e83357186921572b87655690278b1213
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_powerpc.deb
      Size/MD5:   162204 e7308053ac5829460a013872b8b1cc49
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_powerpc.deb
      Size/MD5:  1905462 cb7f66550b75283eda721835ab4c932e
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_powerpc.deb
      Size/MD5:  1283510 184890bdf2b5d49f58979e58c31f2128
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_powerpc.deb
      Size/MD5:   166092 ccaaf9aec42105b3f5a7af4e4e57a60c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.2_sparc.deb
      Size/MD5:  1615182 029dc2b26ee3f43c351d194edb594f51
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.2_sparc.deb
      Size/MD5:   229030 1fdd60f6c3c0d5129f3a371c981d15a0
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.2_sparc.deb
      Size/MD5:   167030 8be206f32a61cf973660b5f06d53c2e9
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.2_sparc.deb
      Size/MD5:  1807156 0b98f302cb8303b0cedbadd04d89444a
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.2_sparc.deb
      Size/MD5:  1343110 3ecfeb730455ebca16d786e0bd403610
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.2_sparc.deb
      Size/MD5:   168794 7ceaa705e2fbbd0f664e8fcfc98bd648


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.