|
--3qYtBtpdm1/OJWPn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
===========================================================
Ubuntu Security Notice USN-481-1 July 10, 2007
imagemagick vulnerabilities
CVE-2007-1667, CVE-2007-1797
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libmagick9 6:6.2.4.5-0.6ubuntu0.6
Ubuntu 6.10:
libmagick9 7:6.2.4.5.dfsg1-0.10ubuntu0.3
Ubuntu 7.04:
libmagick9 7:6.2.4.5.dfsg1-0.14ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Multiple vulnerabilities were found in ImageMagick's handling of DCM and
WXD image files. By tricking a user into processing a specially crafted
image with an application that uses imagemagick, an attacker could
execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5-0.6ubuntu0.6.diff.gz
Size/MD5: 39268 d58d313987a066dd86df9b74d3d381e8
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5-0.6ubuntu0.6.dsc
Size/MD5: 914 5c539bc0d8e2cc52fe855d5f9b5e63ac
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.orig.tar.gz
Size/MD5: 6085147 8d790a280f355489d0cfb6d36ce6751f
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5-0.6ubuntu0.6_amd64.deb
Size/MD5: 1616218 929e8078d8bba1f03eb3734a86d12237
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.6_amd64.deb
Size/MD5: 249430 e39f04adfb6fc9ed8c480066134edf85
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.6_amd64.deb
Size/MD5: 170242 cca72534252d50115e312e3d1ad6b8d1
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.6_amd64.deb
Size/MD5: 1704122 0337592e131f9e3850f53656fb2262fe
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.6_amd64.deb
Size/MD5: 1349102 289ff8bddf146faad3c60d06bb6e1d2c
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.6_amd64.deb
Size/MD5: 172082 2b64b93869789fa438c542292f68f393
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5-0.6ubuntu0.6_i386.deb
Size/MD5: 1614958 98f7bcdd3151c5596f5e69c186e59586
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.6_i386.deb
Size/MD5: 227330 3bb64f5491f07cfa5569d4bb6206d878
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.6_i386.deb
Size/MD5: 168798 2c0d2f0cfdeff9318df323ae524c1819
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.6_i386.deb
Size/MD5: 1557540 fe90a0e2e16e0e15398022d9cd334673
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.6_i386.deb
Size/MD5: 1249124 724d4eee4af75a03a5085ca37ea7cb2e
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.6_i386.deb
Size/MD5: 167466 7006c9f4de34bf647f569003fef86ca2
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5-0.6ubuntu0.6_powerpc.deb
Size/MD5: 1619914 6c7133fd5890e8f722799464f68eee20
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.6_powerpc.deb
Size/MD5: 251614 faa5eef311a9382696c4e94c06c62cd9
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.6_powerpc.deb
Size/MD5: 162608 ed08b43e6f3ce095d1581370f6c10f3c
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.6_powerpc.deb
Size/MD5: 1908620 48d307b2b8631b4a669be1322e5607bc
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.6_powerpc.deb
Size/MD5: 1285056 2108f1a2044f78f4d180d7070807f256
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.6_powerpc.deb
Size/MD5: 166472 f566c136b1ef95629e794a406d21b29c
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5-0.6ubuntu0.6_sparc.deb
Size/MD5: 1615972 ef034a5a75bd5a0a44d20bca9d0d962c
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5-0.6ubuntu0.6_sparc.deb
Size/MD5: 229448 9302d5b800651254aefac294b4fba8a6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5-0.6ubuntu0.6_sparc.deb
Size/MD5: 167490 8c1259985a276f9d86b0e5ff5b46a6f8
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5-0.6ubuntu0.6_sparc.deb
Size/MD5: 1809180 57823f107f4e713000ee1ab528805649
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5-0.6ubuntu0.6_sparc.deb
Size/MD5: 1345326 69e88733176575bc82cebae8e41cdf13
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5-0.6ubuntu0.6_sparc.deb
Size/MD5: 169178 b9a4b752ea434aa31f58b5a5ea997bb4
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.10ubuntu0.3.diff.gz
Size/MD5: 90910 68231bacd7a5ae7403c410b26b97cd5d
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.10ubuntu0.3.dsc
Size/MD5: 953 8bc479de9c7cf4477feed5757e395649
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1.orig.tar.gz
Size/MD5: 5203463 2c5d3723d25c4119cf003efce2161c56
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.10ubuntu0.3_amd64.deb
Size/MD5: 742874 ba93dd4b28a65d5553395fc071069a48
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_amd64.deb
Size/MD5: 247822 4ce7e0b0a80817bf2a0b07ee6ee7106f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.3_amd64.deb
Size/MD5: 170290 2cf91dcc2291a48132c79ede01c2a821
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_amd64.deb
Size/MD5: 1684874 7b79405bed4c5b119c773cd05f2ad437
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.3_amd64.deb
Size/MD5: 1331060 434269bee34224e27b985397c4f2b127
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.3_amd64.deb
Size/MD5: 172320 8407dcbf05d46267ad3db6f569ad12d3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.10ubuntu0.3_i386.deb
Size/MD5: 742350 3de4b95e2c34286aed4dabea43a66f37
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_i386.deb
Size/MD5: 227370 27f1140db9c32cfdb9826702979d1bf2
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.3_i386.deb
Size/MD5: 169206 2df7b39d6703f5be49b4750f5c9d0642
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_i386.deb
Size/MD5: 1592362 a2472a4bc137b54f890456c722f4bbe4
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.3_i386.deb
Size/MD5: 1286408 993c92fde74d2c49c1b27cf6cf7b4138
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.3_i386.deb
Size/MD5: 167864 03de16b72602ca86639f129b68ed2010
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.10ubuntu0.3_powerpc.deb
Size/MD5: 746384 4c9052fab557b9fb5043c3f61fda12e6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_powerpc.deb
Size/MD5: 251640 fe50cdb17ecdb95a3030ebe770610394
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.3_powerpc.deb
Size/MD5: 162824 9f5552448f54a0b11343fe5a68a0b297
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_powerpc.deb
Size/MD5: 1920416 1fa8980dcd30479361f48d04668e1c6f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.3_powerpc.deb
Size/MD5: 1297270 ae9c2d7231176a9515fa5e0d308bba04
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.3_powerpc.deb
Size/MD5: 168534 c6708a1db384e0029b820515970ebd01
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.10ubuntu0.3_sparc.deb
Size/MD5: 742356 2f9012b1a65e7b3fcfe2e0d3ae231808
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_sparc.deb
Size/MD5: 229220 d977c5fcfe31f6291d90c08f4b8ed086
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.10ubuntu0.3_sparc.deb
Size/MD5: 167862 247d9134a39c1338d2e3a0cfb5b1d70b
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.10ubuntu0.3_sparc.deb
Size/MD5: 1856368 9624df4328326451a8364a54908fb4aa
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.10ubuntu0.3_sparc.deb
Size/MD5: 1384114 3b73571c431cb0a881e48f02f6e101af
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.10ubuntu0.3_sparc.deb
Size/MD5: 174052 1b3a93163afe20f5af6479814b99fdce
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.14ubuntu0.1.diff.gz
Size/MD5: 92877 726d9ec77f113467bd12cfd556dfb8ed
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.14ubuntu0.1.dsc
Size/MD5: 1119 6c3001a574f419da593c64503dc9dd83
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1.orig.tar.gz
Size/MD5: 5203463 2c5d3723d25c4119cf003efce2161c56
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.14ubuntu0.1_amd64.deb
Size/MD5: 740084 9ca3843dda7671083ec3d4bf5c4cca25
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_amd64.deb
Size/MD5: 248162 799228a0036b584376c505e3a9e37a98
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.1_amd64.deb
Size/MD5: 188124 a73c7b23186f8e7b3c51c43cd06a1893
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_amd64.deb
Size/MD5: 1685500 9227ea6a244f6abd8aaff4f8396a13c4
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.1_amd64.deb
Size/MD5: 1342200 05a7170dd3aa1ee9d033638bdb30a974
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.1_amd64.deb
Size/MD5: 173146 61a714fc8b6ed3e35cc276802c48a2a9
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.14ubuntu0.1_i386.deb
Size/MD5: 738958 ce4ea61a6c2020fd872e30c9053095d1
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_i386.deb
Size/MD5: 227728 b5575f4f450f33dc3505ab83da1a1c89
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.1_i386.deb
Size/MD5: 192160 8eb13fcf1e30e454f22680fcdd797d79
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_i386.deb
Size/MD5: 1592142 64055813edba778b47c090fea4a08510
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.1_i386.deb
Size/MD5: 1298348 59c70ba63832a7e113aa75ae91c83e96
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.1_i386.deb
Size/MD5: 168772 ba626726f77801bbaaad34ea0da33af2
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.14ubuntu0.1_powerpc.deb
Size/MD5: 749606 19927653bda821a3e53e1b14533a154f
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_powerpc.deb
Size/MD5: 251980 2bd0927abe6037eb44a5c50c2b84a89d
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.1_powerpc.deb
Size/MD5: 201626 9571ff5ebb5fb9278220b3fc1d490e44
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_powerpc.deb
Size/MD5: 1919402 5c1631f5041ea5fc1afe4ee3c31a694d
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.1_powerpc.deb
Size/MD5: 1356302 d877997e9a359e8d4a8369a8f2dc0c65
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.1_powerpc.deb
Size/MD5: 172354 f1b12a9ae07afa9463e81ea61c483259
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6=2E2.4.5.dfsg1-0.14ubuntu0.1_sparc.deb
Size/MD5: 740004 ade74dbedd5735024319615f795ea685
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_sparc.deb
Size/MD5: 229548 e73c1da68756893ae985580b83798a0c
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.14ubuntu0.1_sparc.deb
Size/MD5: 192338 2d8893d93abd4f436dd9725ecab583d6
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.14ubuntu0.1_sparc.deb
Size/MD5: 1855028 2aadfd4c48c26ca5f2adb8a263fcd391
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.14ubuntu0.1_sparc.deb
Size/MD5: 1395850 2b019d49426477dfefac43271f64fa7f
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.14ubuntu0.1_sparc.deb
Size/MD5: 174738 8d8e5a5fbc178404ad9b5838cbb28054
--3qYtBtpdm1/OJWPn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGk4p+H/9LqRcGPm0RAjmYAJ9bzWYB8YPf+VHUM6t7WZTYtmTBZgCeLMhv
H773P2DjL9Ru3Iu8ZuPLj2o=eO30
-----END PGP SIGNATURE-----
--3qYtBtpdm1/OJWPn--