LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: ImageMagick vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.
===========================================================
Ubuntu Security Notice USN-681-1          December 01, 2008
imagemagick vulnerability
CVE-2008-1096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  imagemagick                     6:6.2.4.5-0.6ubuntu0.8

Ubuntu 7.10:
  imagemagick                     7:6.2.4.5.dfsg1-2ubuntu1.1

After a standard system upgrade you need to restart any applications that
use ImageMagick, such as OpenOffice.org and Inkscape, to effect the
necessary changes.

Details follow:

It was discovered that ImageMagick did not correctly handle certain
malformed XCF images. If a user were tricked into opening a specially
crafted image with an application that uses ImageMagick, an attacker
could cause a denial of service and possibly execute arbitrary code with
the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.diff.gz
      Size/MD5:    42513 e496b5beeaca8ffaf73792efc552bb75
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8.dsc
      Size/MD5:      922 18af22ef2d20f02bc71a2b4d525101ba
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.orig.tar.gz
      Size/MD5:  6085147 8d790a280f355489d0cfb6d36ce6751f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1616784 e140ab1826153433380bf0e087401ce5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   249840 b52af42a36a2e6aeded4f0e1bdc3c7c5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   170776 f99388b02f4989d6b3d98886ecef69e3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1705392 9de94091eb1cf8a31b28516c1444cd94
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:  1349700 a0712e9eefe0c2d2e8e59a5920dd8821
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_amd64.deb
      Size/MD5:   172600 affa28f951b642bf64cdfdb4153b193d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1615502 34f7ed99bbdaed2247321395623e9e6c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   227826 8308c202b96c1960fd352b4a011ba290
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   169702 1380b74079bf68498434229be87ba197
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1558588 edfc14ac9018b3e6f4e303e83af74637
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:  1250130 72e586dfbe9bcb0602a37eadcce574bc
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_i386.deb
      Size/MD5:   167964 2bc1e8c08d403321df20868c6a646bfd

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1620342 50b2274fd75d9f8fe2c78d9bb9aad4be
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   252100 d0073b909c9073b4108272cf58724bb2
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   163178 228bf2af722438ff3584bb85075cf956
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1909532 b7d8d5fbdac11cc2bb8df9faffb6592d
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:  1285690 d1a834cc502a2ae7a8c0a805da80fd83
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_powerpc.deb
      Size/MD5:   166968 8c568ce0d4d7ab9f46e681f0f5c80b8f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1616114 80af67cc6405b2f9744a66f62ab7e35b
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   229934 8069e7cc0272505907654484c0083400
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   168044 bec93b0a4e03bf308c0e5e73649c0267
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1810056 df876fb99e74ac4efce39d6292fc7ed1
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:  1345938 6860ae7d2d44f88534954fa0bb13bf88
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.8_sparc.deb
      Size/MD5:   169680 b4484481d95850f256bdb2b74d7d55cb

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.diff.gz
      Size/MD5:   102763 811963207b510b778d0d7dfe587f51b5
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1.dsc
      Size/MD5:     1161 cdd5a298b1e72c812040be67afcf3133
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1.orig.tar.gz
      Size/MD5:  5203463 2c5d3723d25c4119cf003efce2161c56

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   741190 22a0f42c8fe6bf82b7e588a10960c7e6
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   250830 d7fe4b4df55c1ac4f9b4628492e12f38
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   190196 3c81b936c68598a798eeee0e64c11eee
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:  1690802 49383fd5daeff5e035e4b31e8d697209
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:  1344812 1ff84f6ba161d153669c2078008c60c9
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_amd64.deb
      Size/MD5:   174500 c22f3e517108a16ee1cf2f6515cf6a59

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   740024 1a3c4a2e1a4c08dc88c0021161b27aea
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   229606 30526dfa6efafe965c388b2f4bfa2a86
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   193348 606db68900dacebf677d179810e72400
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:  1595204 4e55cb3cd9cf80b3ca1c208e4483baeb
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:  1299758 a5f58f9b23fc018b3f16d5ef6022d7e9
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_i386.deb
      Size/MD5:   170004 33cc347f9ae218ee1cff56038037572b

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   740068 b0b07bb6f6cd0013c6cc77d1ddb3c1b9
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   231664 05864c90d9a8eef57b1601ce729e2a9f
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   189572 dffbb7faddc85df1c040d770daa4bbf3
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:  1612224 a9ef6f4e75bdba532245861cf885ea44
    http://ports.ubuntu.com/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:  1303844 e1d3379589cdce724db0ea694e6ced24
    http://ports.ubuntu.com/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_lpia.deb
      Size/MD5:   174134 983b86da5547223294ba688951168c5b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   748896 1f782e8b18ef490a011058c1b2856503
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   253594 c76d8b774405138a6d13f1cf38779a51
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   202724 c0524feeace6bc5596ddc470cfdebeac
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1923526 63ee716b9cd22f6ee313d2e64989d4c8
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1358750 5818d6912d7d440f5ffaf80c6dd7dfd3
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_powerpc.deb
      Size/MD5:   173422 9a8dda1198866d8f2f9c3a78522e8af2

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   741060 b7a79b518707f40a45cb8962406cecab
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   230760 af528afb7d77f825fea574a66e528a04
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   193168 ce61ffd320fd022743da316b2a889dd3
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:  1858960 98309e6cca4b1c979a84c022988d271c
    http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:  1399932 fb4cde1381eacc9357f52ddd607aef4f
    http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-2ubuntu1.1_sparc.deb
      Size/MD5:   175946 65ea96b9ebfc22fd9eea8daee44f38d4



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.