Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: imagemagick vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu M. Joonas Pihlaja discovered that ImageMagick did not sufficiently verify the validity of PALM and DCM images. When processing a specially crafted image with an application that uses imagemagick, this could be exploited to execute arbitrary code with the application's privileges.
Ubuntu Security Notice USN-372-1          November 01, 2006
imagemagick vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libmagick6                               6:

Ubuntu 5.10:
  libmagick6                               6:

Ubuntu 6.06 LTS:
  libmagick9                               6:

Ubuntu 6.10:
  libmagick9                               7:

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

M. Joonas Pihlaja discovered that ImageMagick did not sufficiently
verify the validity of PALM and DCM images. When processing a
specially crafted image with an application that uses imagemagick,
this could be exploited to execute arbitrary code with the
application's privileges.

Updated packages for Ubuntu 5.04:

  Source archives:
      Size/MD5:   144502 96cdc6266e29aa2ba91e09adc67a3c2a
      Size/MD5:      899 6bb10253b54d9b68b99ab5e117d0bb86
      Size/MD5:  6824001 477a361ba0154cc2423726fab4a3f57c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  1466726 30529972b274e75f686f38aab2e27e36
      Size/MD5:   229236 13fa208a5cb5f6acdfd271836b39e2f0
      Size/MD5:   164022 e4b7c3ed32275b45e7a982bc9be16710
      Size/MD5:  1551474 6a6e325d036aa7369e42ea7bc60223b4
      Size/MD5:  1195388 38967817dd23a96f6cbbe996c26d86bc
      Size/MD5:   232262 3ae7c25400744ee24260453e4a952406

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  1465348 e4330a298179425f3d88db6f308f6520
      Size/MD5:   209222 879366413a35554aed05bcf9f27f038b
      Size/MD5:   164516 21497849c6a53e77db86cf217ce5d81a
      Size/MD5:  1454216 12f86d30660e81477ead1ac3e4ed383c
      Size/MD5:  1140964 c289aa3e81f0d5106d2fd9d23ba1795e
      Size/MD5:   232642 8b317e6dfe26d08b31bc536d2c083827

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  1472140 b3b445e1a7af2910ed9e7f8be844f909
      Size/MD5:   228208 99d28d5a4b541a032d52754eebe7aba9
      Size/MD5:   157202 e5553dbb2bf94dac87e16114652f029f
      Size/MD5:  1686432 ad415b90f40c1ab31e023f1df6adcb4e
      Size/MD5:  1170248 7a16caf06e3834dffccc4652cd302993
      Size/MD5:   270978 caebe7cef826261b11fb068008ed60b9

Updated packages for Ubuntu 5.10:

  Source archives:
      Size/MD5:   143918 8dd23724e67f3bddc3aa84605f0cf6ca
      Size/MD5:      899 58b91b7ec00b5d0483ce070f1e8388bc
      Size/MD5:  5769194 7e9a3edd467a400a74126eb4a18e31ef

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  1333988 953a195e7ae503626c3320dde7ed72cd
      Size/MD5:   259426 1ce1270fd1c49e1fa024db846961f89f
      Size/MD5:   171470 b3ad7733bfca4788ec88a2fd08ec2a2a
      Size/MD5:  1671122 ace2bb83eb946dad1e7f012335d67943
      Size/MD5:  1320760 d493aac8bd7dd16cca3096f5d9f835fe
      Size/MD5:   169552 143d04e6a8035168db89f360e2051903

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  1332978 f5ca133a3cb76d652890107068d574c9
      Size/MD5:   235898 3f80065faaddcd92662c9f6df86b48ab
      Size/MD5:   170780 21bc4938d624abefecbca9afe4f1d09e
      Size/MD5:  1522028 ac538e3ea0f6aef84770fbbced0c6072
      Size/MD5:  1224692 8b4e831c757e7b305f72605cb48e02e4
      Size/MD5:   164840 90d8363550b649be4705859523e9a02d

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  1337886 0aecb181a2b3b7f52a23155510ade72f
      Size/MD5:   260388 71d0ac72531c2254b8e304142f417af3
      Size/MD5:   164022 28092bac7b94dabc59dca24df10d7cdc
      Size/MD5:  1874510 39c305e0addd1a94284dcde33ab9df14
      Size/MD5:  1258286 39cbb88bc58c3280e4401ed9116860e8
      Size/MD5:   163992 c3d41c62be266f2c3fe9c266461b545c

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:  1333190 ac554f62e1686ed621a4bab21369f882
      Size/MD5:   237060 9f9ff69dfc760f18e3eb8b6a6603fa91
      Size/MD5:   168936 a2f50904d9d1637907c7d2e103556d28
      Size/MD5:  1782272 7f03f5d6d7d9018d7c5e5237b93f6c05
      Size/MD5:  1323962 9106e33d17d389e0626da180ec012701
      Size/MD5:   166308 d78a02bd5ed9ff975bf7cb3cab6632d8

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    35130 1faf498a57ec6e5ea18e0c072cf9a8d9
      Size/MD5:      916 a4f711630724113301dbfeb2df4395e0
      Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  1615954 2149178d9fd28897a3c6fd2c491e9446
      Size/MD5:   249206 1ff95a0af9f962edaee38ccfc856c564
      Size/MD5:   170104 8ccdedbe851271b799534d38fa8aef30
      Size/MD5:  1702484 31c88d7cf9159809dec0265e537973ac
      Size/MD5:  1347912 04536a33add640f7b564b50d33336bea
      Size/MD5:   171830 176568b8c0ebece007649cef8951c08a

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  1614696 e1b8f9848856a58f55fae279565dc076
      Size/MD5:   227008 3ff3355410937ac247eee0fe4a9a4365
      Size/MD5:   168354 58b9bee7ed0d3bd618044e9340e9d7f5
      Size/MD5:  1555878 98034bd5a96af0678965806cd168494c
      Size/MD5:  1246892 c2e40b0384bbc3340cd92121338704a1
      Size/MD5:   167218 826e884e629bd435974a0b20fd44fe6b

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  1619690 3dfc04ee370a409652df16a60f55bdf5
      Size/MD5:   251396 2cac68d5d4e7cf88b85840030017b5a2
      Size/MD5:   162346 e7c2100db6cca74fca43befa56ca3135
      Size/MD5:  1905896 857f0ca00902dbb2195a7f95c84b17ba
      Size/MD5:  1283792 89ea0de0689c8cbc0917897c29814081
      Size/MD5:   166220 f2837b5763a471a65ee4cffd251a1503

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:  1615312 1d393ab5bb9789c53d104a7200aadcb3
      Size/MD5:   229182 f56aac12573aa0a8477f6a732ff215b8
      Size/MD5:   167186 69fa08c7e568bea4961fc7fee4bff779
      Size/MD5:  1807408 bfc3327e022be55b55824cf9b7f078c6
      Size/MD5:  1343696 8449022de57855311a3c13ac77f90354
      Size/MD5:   168932 2b90f44f162105b1770a144f12240025

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:    86939 0273702247d7029c19088435a1188690
      Size/MD5:      953 bf00204c47b4e2dd48f2280e458b9820
      Size/MD5:  5203463 2c5d3723d25c4119cf003efce2161c56

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   742750 8e706a5eeaeee60ecfff5c704fd9ed6f
      Size/MD5:   247648 a9819de3bafafb2a7855c957fbf13593
      Size/MD5:   170128 5d5e867d47238a09a3e9fab4e402b171
      Size/MD5:  1683534 f8150bfa217135f714c68970b365ee68
      Size/MD5:  1330040 81ce158df2d4bd616081489a1a30ac30
      Size/MD5:   172158 122abf0e656fe204bcf32c0f249e5cde

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   742224 fcf8dcb974fa4347a31e69487a21e6c3
      Size/MD5:   227188 b6bd454c5bd7a6a1b8cd1c0e43a0ec89
      Size/MD5:   168936 67eee244ac112b7edd7ddadd25fa5353
      Size/MD5:  1591000 e99e8b130b7fec1522ab151281418f67
      Size/MD5:  1285390 67b32783d2f0000da5b522c10253bfa9
      Size/MD5:   167698 c4989f6e88349832aaf50bce0380c3f2

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   746286 fb8c901a8cdd6f41cca02ac7b54b361d
      Size/MD5:   251506 6a600c74335588865deb38857dc92a24
      Size/MD5:   162654 3a31cfd5f5ed88277ca5e1b336eb4d0d
      Size/MD5:  1918166 1e7529e780454da1ef84b3d70c86b9b4
      Size/MD5:  1296618 7a76234a2cacec2e3790c02d09084e4b
      Size/MD5:   168368 9513e0612c2f3d75f0bdc4144a8967e5

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   742250 1d039fa163cdf20c97d84102c5eb2af3
      Size/MD5:   229050 fb7f29883dd5a5f99d419592383ab4f9
      Size/MD5:   167680 8a7570a56925c201d594cf3c771ce34e
      Size/MD5:  1854042 4357668480e4dd2e05d1e58895513330
      Size/MD5:  1382884 5dda6687e4de0884de79d1529b146e8b
      Size/MD5:   173864 531d3f68c8cb859291a66f7657402e67

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.