Security: Multiple problems in imagemagick
Name: Multiple problems in imagemagick
ID: DSA-1168-1
Distribution: Debian
Platforms: Debian sarge
Date: Tue, 5 September 2006, 01:30
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
Applications: ImageMagick
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1168-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 4th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-2440 CVE-2006-3743 CVE-2006-3744
Debian Bug     : 345595

Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-2440
Eero Häkkinen discovered that the display tool allocates insufficient memory for globbing patterns, which might lead to a buffer overflow.
CVE-2006-3743
Tavis Ormandy from the Google Security Team discovered that the Sun bitmap decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.
CVE-2006-3744
Tavis Ormandy from the Google Security Team discovered that the XCF image decoder performs insufficient input sanitising, which might lead to buffer overflows and the execution of arbitrary code.
For the stable distribution (sarge) these problems have been fixed in version 6:6.0.6.2-2.7.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your imagemagick packages.
Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE/LOlXm3vHE4uyloRAiwiAKC+QBSnfvx/pqhK8h/xmJr9jojAoACg04mB yU+h8MbVaSWzF+OlgdFbyPY= =tMA8 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org