User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-1435-1 (imagemagick)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-1435-1] ImageMagick vulnerabilities
Date:  Tue, 01 May 2012 11:33:09 -0400
Message-ID:  <1335886389.2997.110.camel@mdlinux>
Archive-link:  Article, Thread

========================================================================== Ubuntu Security Notice USN-1435-1 May 01, 2012 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - imagemagick: Image manipulation programs and library Details: Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185) Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0248, CVE-2012-1186) Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259) It was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610) Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: imagemagick 8:6.6.9.7-5ubuntu3.1 libmagick++4 8:6.6.9.7-5ubuntu3.1 Ubuntu 11.10: imagemagick 8:6.6.0.4-3ubuntu1.1 libmagick++3 8:6.6.0.4-3ubuntu1.1 Ubuntu 11.04: imagemagick 7:6.6.2.6-1ubuntu4.1 libmagick++3 7:6.6.2.6-1ubuntu4.1 Ubuntu 10.04 LTS: imagemagick 7:6.5.7.8-1ubuntu1.2 libmagick++2 7:6.5.7.8-1ubuntu1.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1435-1 CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798 Package Information: https://launchpad.net/ubuntu/+source/imagemagick/8:6.6.9.... https://launchpad.net/ubuntu/+source/imagemagick/8:6.6.0.... https://launchpad.net/ubuntu/+source/imagemagick/7:6.6.2.... https://launchpad.net/ubuntu/+source/imagemagick/7:6.5.7.... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds