--------------------------------------------------------------------------
Debian Security Advisory DSA 1168-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
September 4th, 2006                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : several
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-2440 CVE-2006-3743 CVE-2006-3744
Debian Bug     : 345595

Several remote vulnerabilities have been discovered in Imagemagick,
a collection of image manipulation tools, which may lead to the execution
of arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-2440

    Eero Häkkinen discovered that the display tool allocates insufficient
    memory for globbing patterns, which might lead to a buffer overflow.

CVE-2006-3743

    Tavis Ormandy from the Google Security Team discovered that the Sun
    bitmap decoder performs insufficient input sanitising, which might
    lead to buffer overflows and the execution of arbitrary code.

CVE-2006-3744

    Tavis Ormandy from the Google Security Team discovered that the XCF
    image decoder performs insufficient input sanitising, which might
    lead to buffer overflows and the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 6:6.0.6.2-2.7.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your imagemagick packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>