Säkerhetsbulletin från Debian

DSA-547-1 imagemagick -- buffertspill

Rapporterat den:

2004-09-16

Berörda paket:

imagemagick

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 268357.
I Mitres CVE-förteckning: CVE-2004-0827.

Ytterligare information:

Marcus Meissner från SUSE upptäckte ett buffertspill i grafikbiblioteket ImageMagick. En angripare kunde skapa en avsiktligen felaktig bild- eller videofil i AVI-, BMP- eller DIB-format vilken kunde krascha den läsande processen. Det kan vara möjligt att specialskrivna bilder också gör det möjligt att exekvera godtycklig kod med den körande processens behörigheter.

För den stabila utgåvan (Woody) har detta problem rättats i version 5.4.4.5-1woody3.

För den instabila utgåvan (Sid) har detta problem rättats i version 6.0.6.2-1.

Vi rekommenderar att ni uppgraderar era imagemagick-paket.

Rättat i:

Debian GNU/Linux 3.0 (woody)

Källkod:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.dsc; http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.diff.gz; http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.