Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: ImageMagick vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.
Ubuntu Security Notice USN-681-1          December 01, 2008
imagemagick vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  imagemagick                     6:

Ubuntu 7.10:
  imagemagick                     7:

After a standard system upgrade you need to restart any applications that
use ImageMagick, such as and Inkscape, to effect the
necessary changes.

Details follow:

It was discovered that ImageMagick did not correctly handle certain
malformed XCF images. If a user were tricked into opening a specially
crafted image with an application that uses ImageMagick, an attacker
could cause a denial of service and possibly execute arbitrary code with
the user's privileges.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    42513 e496b5beeaca8ffaf73792efc552bb75
      Size/MD5:      922 18af22ef2d20f02bc71a2b4d525101ba
      Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  1616784 e140ab1826153433380bf0e087401ce5
      Size/MD5:   249840 b52af42a36a2e6aeded4f0e1bdc3c7c5
      Size/MD5:   170776 f99388b02f4989d6b3d98886ecef69e3
      Size/MD5:  1705392 9de94091eb1cf8a31b28516c1444cd94
      Size/MD5:  1349700 a0712e9eefe0c2d2e8e59a5920dd8821
      Size/MD5:   172600 affa28f951b642bf64cdfdb4153b193d

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  1615502 34f7ed99bbdaed2247321395623e9e6c
      Size/MD5:   227826 8308c202b96c1960fd352b4a011ba290
      Size/MD5:   169702 1380b74079bf68498434229be87ba197
      Size/MD5:  1558588 edfc14ac9018b3e6f4e303e83af74637
      Size/MD5:  1250130 72e586dfbe9bcb0602a37eadcce574bc
      Size/MD5:   167964 2bc1e8c08d403321df20868c6a646bfd

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1620342 50b2274fd75d9f8fe2c78d9bb9aad4be
      Size/MD5:   252100 d0073b909c9073b4108272cf58724bb2
      Size/MD5:   163178 228bf2af722438ff3584bb85075cf956
      Size/MD5:  1909532 b7d8d5fbdac11cc2bb8df9faffb6592d
      Size/MD5:  1285690 d1a834cc502a2ae7a8c0a805da80fd83
      Size/MD5:   166968 8c568ce0d4d7ab9f46e681f0f5c80b8f

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  1616114 80af67cc6405b2f9744a66f62ab7e35b
      Size/MD5:   229934 8069e7cc0272505907654484c0083400
      Size/MD5:   168044 bec93b0a4e03bf308c0e5e73649c0267
      Size/MD5:  1810056 df876fb99e74ac4efce39d6292fc7ed1
      Size/MD5:  1345938 6860ae7d2d44f88534954fa0bb13bf88
      Size/MD5:   169680 b4484481d95850f256bdb2b74d7d55cb

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   102763 811963207b510b778d0d7dfe587f51b5
      Size/MD5:     1161 cdd5a298b1e72c812040be67afcf3133
      Size/MD5:  5203463 2c5d3723d25c4119cf003efce2161c56

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   741190 22a0f42c8fe6bf82b7e588a10960c7e6
      Size/MD5:   250830 d7fe4b4df55c1ac4f9b4628492e12f38
      Size/MD5:   190196 3c81b936c68598a798eeee0e64c11eee
      Size/MD5:  1690802 49383fd5daeff5e035e4b31e8d697209
      Size/MD5:  1344812 1ff84f6ba161d153669c2078008c60c9
      Size/MD5:   174500 c22f3e517108a16ee1cf2f6515cf6a59

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   740024 1a3c4a2e1a4c08dc88c0021161b27aea
      Size/MD5:   229606 30526dfa6efafe965c388b2f4bfa2a86
      Size/MD5:   193348 606db68900dacebf677d179810e72400
      Size/MD5:  1595204 4e55cb3cd9cf80b3ca1c208e4483baeb
      Size/MD5:  1299758 a5f58f9b23fc018b3f16d5ef6022d7e9
      Size/MD5:   170004 33cc347f9ae218ee1cff56038037572b

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   740068 b0b07bb6f6cd0013c6cc77d1ddb3c1b9
      Size/MD5:   231664 05864c90d9a8eef57b1601ce729e2a9f
      Size/MD5:   189572 dffbb7faddc85df1c040d770daa4bbf3
      Size/MD5:  1612224 a9ef6f4e75bdba532245861cf885ea44
      Size/MD5:  1303844 e1d3379589cdce724db0ea694e6ced24
      Size/MD5:   174134 983b86da5547223294ba688951168c5b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   748896 1f782e8b18ef490a011058c1b2856503
      Size/MD5:   253594 c76d8b774405138a6d13f1cf38779a51
      Size/MD5:   202724 c0524feeace6bc5596ddc470cfdebeac
      Size/MD5:  1923526 63ee716b9cd22f6ee313d2e64989d4c8
      Size/MD5:  1358750 5818d6912d7d440f5ffaf80c6dd7dfd3
      Size/MD5:   173422 9a8dda1198866d8f2f9c3a78522e8af2

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   741060 b7a79b518707f40a45cb8962406cecab
      Size/MD5:   230760 af528afb7d77f825fea574a66e528a04
      Size/MD5:   193168 ce61ffd320fd022743da316b2a889dd3
      Size/MD5:  1858960 98309e6cca4b1c979a84c022988d271c
      Size/MD5:  1399932 fb4cde1381eacc9357f52ddd607aef4f
      Size/MD5:   175946 65ea96b9ebfc22fd9eea8daee44f38d4

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.