Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0585 -- Debian Security Advisory DSA 547-1 New Imagemagic packages fix buffer overflows 17 September 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: imagemagic Publisher: Debian Operating System: Debian GNU/Linux 3.0 Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated CVE Names: CAN-2004-0827 Ref: ESB-2003.0447 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA 547-1 security@debian.org http://www.debian.org/security/ Martin Schulze September 16th, 2004 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : imagemagic Vulnerability : buffer overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0827 Debian Bug : 268357 Marcus Meissner from SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process. For the stable distribution (woody) this problem has been fixed in version 5.4.4.5-1woody3. For the unstable distribution (sid) this problem has been fixed in version 6.0.6.2-1. We recommend that you upgrade your imagemagick packages. Upgrade Instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.dsc Size/MD5 checksum: 852 bd30219ef391bf92ddd1d9440bb204c8 http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.diff.gz Size/MD5 checksum: 15029 919a9ce109d79cbd46be07600659ad23 http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07 Alpha architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_alpha.deb Size/MD5 checksum: 1309670 da500b46b1267ff4d03976e308065acd http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_alpha.deb Size/MD5 checksum: 154074 6971608db558ff0782c3ad0ae009462c http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_alpha.deb Size/MD5 checksum: 56140 092caa97de894d81df0140dd2b28dae4 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_alpha.deb Size/MD5 checksum: 833318 10bbbd147658ead4decfda1df4e18a1d http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_alpha.deb Size/MD5 checksum: 67182 12ff257149eabf085a6dfce68053f402 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_alpha.deb Size/MD5 checksum: 113698 9f081ff178091a2e608d067790d01436 ARM architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_arm.deb Size/MD5 checksum: 1296992 05fa897edf7b0d89995491f4ba449688 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_arm.deb Size/MD5 checksum: 118588 6f9a48ee452713a8e55ab41be4ef470c http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_arm.deb Size/MD5 checksum: 56186 1ad5494d3584fcc8a0a5b80b8a393c03 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_arm.deb Size/MD5 checksum: 898494 f07051e3c12c743335abf1a0485cf03c http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_arm.deb Size/MD5 checksum: 67226 fdf2758a658b2327166a757e69b47851 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_arm.deb Size/MD5 checksum: 109822 9b76a15b68ae88c118c589e33db86b96 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_i386.deb Size/MD5 checksum: 1295002 649843a11bd6e67e716a7b428a003ed7 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_i386.deb Size/MD5 checksum: 122680 df5253599920dcc08e930b9fb066f5ab http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_i386.deb Size/MD5 checksum: 56154 c88abf1babb06cbf1fb331867e07b0f7 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_i386.deb Size/MD5 checksum: 772402 b4af59f9a6b39ba622f7044a6c803098 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_i386.deb Size/MD5 checksum: 67192 93da49b34877c0d0a1cc5401d015f3ec http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_i386.deb Size/MD5 checksum: 106814 31e28aa6bb9018089636a765542292f4 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_ia64.deb Size/MD5 checksum: 1336076 83a4c1a3cb25f72329af8c1911155364 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_ia64.deb Size/MD5 checksum: 136966 32bcfb89db6ef6303259b89690f6b34a http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_ia64.deb Size/MD5 checksum: 56144 cc7a6e8c841953f5c2f28172f3339bdf http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_ia64.deb Size/MD5 checksum: 1359876 b859f2de467d20bc88a49d5255113518 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_ia64.deb Size/MD5 checksum: 67184 b1c6c79044eaee12ea665e838173e644 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_ia64.deb Size/MD5 checksum: 132808 64357db2d047e28efb6ecf34712f81d4 HP Precision architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_hppa.deb Size/MD5 checksum: 1297246 d91a93010d0a9b06ef2e7e7c24067eab http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_hppa.deb Size/MD5 checksum: 132754 d94ce1833a7622ec7cb1e87e1f7d4d1f http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_hppa.deb Size/MD5 checksum: 56178 227dc8a44dec7c8f5ffd7d04d007bf5a http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_hppa.deb Size/MD5 checksum: 859610 5e31aa4f3847a122c9b028a7e4cc53c2 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_hppa.deb Size/MD5 checksum: 67224 1aa9441ecd0df3be9c9c521c023235f4 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_hppa.deb Size/MD5 checksum: 117068 569cddc344832c2651a09302adcb4be9 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_m68k.deb Size/MD5 checksum: 1292374 d33d961d168fa1da3e81258593f6cad1 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_m68k.deb Size/MD5 checksum: 133904 818babd031d9464983228be672f3ba63 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_m68k.deb Size/MD5 checksum: 56194 62f0e0c37d37def3276b472748baf09c http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_m68k.deb Size/MD5 checksum: 751662 f15c730f9e533099c4a4fffc43b97320 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_m68k.deb Size/MD5 checksum: 67248 e745b4e81854b018b410351f06d4f9f5 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_m68k.deb Size/MD5 checksum: 107322 00fa726acbc7db8761babcf7c3f12b6c Big endian MIPS architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mips.deb Size/MD5 checksum: 1294824 e1c5c5962301328b006f84d9f4552473 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mips.deb Size/MD5 checksum: 120156 e8682a8b9ae6add5268a36d40c7cf60c http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mips.deb Size/MD5 checksum: 56204 39898ed1a2842b4af52cecb46dc11e01 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mips.deb Size/MD5 checksum: 732964 a4fb5327892e275223584dac87fd5f70 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mips.deb Size/MD5 checksum: 67238 08cab47dc272d5c79268616d4cfdafc4 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mips.deb Size/MD5 checksum: 103238 74db9479973dd03fa2043b86c09e6f54 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mipsel.deb Size/MD5 checksum: 1294630 0567612bd39cbb9e112305e981f3dddb http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mipsel.deb Size/MD5 checksum: 113644 9f02d8c68dc3a3ec3ac1a0bbefaf3cd4 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mipsel.deb Size/MD5 checksum: 56188 197d278743e9a63d2965debf6307e229 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mipsel.deb Size/MD5 checksum: 720946 267d45b9082758cb6d248d4835d7a906 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mipsel.deb Size/MD5 checksum: 67222 9288acd5cf8e0d954a698a57490bdf9f http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mipsel.deb Size/MD5 checksum: 102766 8c1f9380559702fc5763cc3591d289a6 PowerPC architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_powerpc.deb Size/MD5 checksum: 1291356 13b81750624a3251a6bf6c73a41ddffc http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_powerpc.deb Size/MD5 checksum: 135816 6bb64246e67de0778d6f92f126e6cedd http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_powerpc.deb Size/MD5 checksum: 56162 7f8990171bc17c386d1fd59f76d8d0f5 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_powerpc.deb Size/MD5 checksum: 785946 30216abae843bfb90a40ed0e54899648 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_powerpc.deb Size/MD5 checksum: 67212 a42b2482a1cabaeaba2a0464bd50d197 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_powerpc.deb Size/MD5 checksum: 111830 a2b06d2e30c5acb8384896d66cd6ec56 IBM S/390 architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_s390.deb Size/MD5 checksum: 1292026 87ad365ff0f76a959d15e6791099861e http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_s390.deb Size/MD5 checksum: 131922 b592d2de28c42fad73003745620ba6a6 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_s390.deb Size/MD5 checksum: 56168 27d05d99677a8f05814991d6c54d3125 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_s390.deb Size/MD5 checksum: 777904 28d8e1d90473b7fd9de7008133826106 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_s390.deb Size/MD5 checksum: 67210 bc6bc6951ac1845ad2c2576ba12b4144 http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_s390.deb Size/MD5 checksum: 108872 3a9b40bd966e82e72b6083933257b108 Sun Sparc architecture: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_sparc.deb Size/MD5 checksum: 1295066 75a65f7dc635c36b0e106f320fc003b9 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_sparc.deb Size/MD5 checksum: 123762 f1e8dd9d054f5c6720ef3a72e9292956 http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_sparc.deb Size/MD5 checksum: 56180 aab8608e0ebb8bfb114517afb32731bf http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_sparc.deb Size/MD5 checksum: 802498 afed76b4789398a8844af142ded2612c http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_sparc.deb Size/MD5 checksum: 67216 99ac5d6fd3dabef7acec81b29a90fc9c http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_sparc.deb Size/MD5 checksum: 112778 b263339035dad232832a8b48dc221ed8 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBSWaXW5ql+IAeqTIRAj1ZAJ9VR7hkBDz+AmfPv+Bw2JwccVYEZACfVKIl 3Pm+0xstcyvYu2/r9aIc7wc= =+X6V - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQUom5Ch9+71yA2DNAQKiswP+OCPfo/9cbYJuNFafh1PF9HQd9QbHgqYi dZfcjw5+P1l/OawC47piq5hq36T3CWhvy2VlnswOmGI5N8hEh1Jv5uzv1qNDWm5R rP48l/4NGD0zEeWKI/hUNr94P95xZnSogpSoB4zQ2VqOzGYPZutQAtXMmE/n8WVJ NuHtXWnBQqU= =Cyvv -----END PGP SIGNATURE-----