From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1858-1 [email protected] http://www.debian.org/security/ Luciano Bello
August 10, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : imagemagick
Vulnerability : multiple
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-1667 CVE-2007-1797 CVE-2007-4985 CVE-2007-4986
CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097
CVE-2009-1882
Debian Bug : 418057 412945 444267 530838

Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-1667

Multiple integer overflows in XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial of
service (crash) or obtain sensitive information via crafted images with
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).

CVE-2007-1797

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
crafted XWD image. It only affects the oldstable distribution (etch).

CVE-2007-4985

A crafted image file can trigger an infinite loop in the ReadDCMImage
function or in the ReadXCFImage function. It only affects the oldstable
distribution (etch).

CVE-2007-4986

Multiple integer overflows allow context-dependent attackers to execute
arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,
which triggers a heap-based buffer overflow. It only affects the
oldstable distribution (etch).

CVE-2007-4987

Off-by-one error allows context-dependent attackers to execute arbitrary
code via a crafted image file, which triggers the writing of a '\0'
character to an out-of-bounds address. It affects only the oldstable
distribution (etch).

CVE-2007-4988

A sign extension error allows context-dependent attackers to execute
arbitrary code via a crafted width value in an image file, which
triggers an integer overflow and a heap-based buffer overflow. It
affects only the oldstable distribution (etch).

CVE-2008-1096

The load_tile function in the XCF coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .xcf file that triggers an out-of-bounds heap write.
It affects only to oldstable (etch).

CVE-2008-1097

Heap-based buffer overflow in the PCX coder allows user-assisted remote
attackers to cause a denial of service or possibly execute arbitrary
code via a crafted .pcx file that triggers incorrect memory allocation
for the scanline array, leading to memory corruption. It affects only to
oldstable (etch).

CVE-2009-1882

Integer overflow allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted TIFF file,
which triggers a buffer overflow.

For the old stable distribution (etch), these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 7:6.3.7.9.dfsg2-1~lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
7:6.5.1.0-1.1.

We recommend that you upgrade your imagemagick packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz
Size/MD5 checksum: 5202678 cbb51d6956c6dd68f7dfaa068d0b416b
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc
Size/MD5 checksum: 958 6c8ffe1f0d0efab6652070aabd8fab8d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
Size/MD5 checksum: 189542 1aa917c2f494952622bcd089655f7b3b
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
Size/MD5 checksum: 2449862 be4d146061a0211fc3070c8461c43539
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
Size/MD5 checksum: 743324 75350c6eb5143f5dee7fe31a01e9a410
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
Size/MD5 checksum: 174690 d024ad2524f15fa889df8e34f3a900ae
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
Size/MD5 checksum: 305632 0e5fea24e12ad7b5951ffb24d01f5a50
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
Size/MD5 checksum: 1391130 8ad3f625613017b1ff977d319feddf7c

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
Size/MD5 checksum: 744738 78e3cfa4a31075f823bc28403f5d67c5

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)