USN-340-1: imagemagick vulnerabilities

06 September 2006

imagemagick vulnerabilities

Details

Tavis Ormandy discovered several buffer overflows in imagemagick's Sun
Raster and XCF (Gimp) image decoders. By tricking a user or automated
system into processing a specially crafted image, this could be
exploited to execute arbitrary code with the users' privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06
  • libmagick9 - 6:6.2.4.5-0.6ubuntu0.2
Ubuntu 5.10
  • libmagick6 - 6:6.2.3.4-1ubuntu1.3
Ubuntu 5.04
  • libmagick6 - 6:6.0.6.2-2.1ubuntu1.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.