[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:37533] Forward: [SECURITY] [DSA-331-1] New imagemagick packages fix insecure temporary file creation

From: Kenshi Muto <kmuto@xxxxxxxxxxxxxxx>
Subject: [debian-users:37533] Forward: [SECURITY] [DSA-331-1] New imagemagick packages fix insecure temporary file creation
Date: Sun, 29 Jun 2003 11:07:06 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-level:
X-spam-status: No, hits=-1.3 required=10.0 tests=EIGHTBIT_BODY,ISO2022JP_BODY,MAILTO_WITH_SUBJ, PGP_SIGNATURE,SIGNATURE_SHORT_SPARSE,SPAM_PHRASE_00_01 version=2.44
X-virus-scanned: by amavisd-new-20030314-p1 (Debian) at topstudio.co.jp
References: <20030629013455.GV3922@xxxxxxxxx>
Message-id: <20030629020647.0B425222EF3@xxxxxxxxxxxxxxxxxxxx>
X-mail-count: 37533
User-agent: Wanderlust/2.9.15 (Unchained Melody) SEMI/1.14.4 (Hosorogi) FLIM/1.14.4 (Kashiharajing�-mae) APEL/10.4 MULE XEmacs/21.4 (patch 12) (Portable Code) (i386-debian-linux)

現在の Debian 安定版 (3.0 woody) にセキュリティに関する深刻な問題が発見
されました。

対象パッケージ: imagemagick

対処済みのパッケージに更新するには、

deb http://security.debian.org/ stable/updates main contrib non-free

を /etc/apt/sources.list に追加し、

apt-get update ; apt-get upgrade

を実行してください。

詳細については添付のアナウンスをご覧ください。

--- Begin Message ---

From: Matt Zimmerman <mdz@debian.org>
Subject: [SECURITY] [DSA-331-1] New imagemagick packages fix insecure temporary file creation
Date: Sat, 28 Jun 2003 21:34:55 -0400
Content-disposition: inline
List-archive: <http://lists.debian.org/debian-security-announce/>
List-help: <mailto:debian-security-announce-request@lists.debian.org?subject=help>
List-id: <debian-security-announce.lists.debian.org>
List-post: <mailto:debian-security-announce@lists.debian.org>
List-subscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=subscribe>
List-unsubscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=unsubscribe>
Old-return-path: <mdz@xxxxxxxxxxx>
Priority: urgent
Resent-date: Sat, 28 Jun 2003 20:34:57 -0500 (CDT)
Resent-from: debian-security-announce@lists.debian.org
Resent-message-id: <73COmD.A.b0E.AJk_-@murphy>
Resent-sender: debian-security-announce-request@lists.debian.org
X-bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.11.2
X-debian: PGP check passed for security officers
X-loop: debian-security-announce@lists.debian.org
X-mailing-list: <debian-security-announce@lists.debian.org>
X-original-to: kmuto@xxxxxxxxxxxxxxx
X-spam-checker-version: SpamAssassin 2.54 (1.174.2.17-2003-05-11-exp)
X-spam-level:
X-spam-status: No, hits=-110.3 required=10.0 tests=BAYES_00,PGP_SIGNATURE,USER_AGENT_MUTT,USER_IN_WHITELIST, X_LOOP,X_MAILING_LIST autolearn=ham version=2.54
X-virus-scanned: by amavisd-new-20030314-p1 (Debian) at topstudio.co.jp
Message-id: <20030629013455.GV3922@xxxxxxxxx>
User-agent: Mutt/1.5.4i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 331-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
June 27th, 2003                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imagemagick
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2003-0455

imagemagick's libmagick library, under certain circumstances, creates
temporary files without taking appropriate security precautions.  This
vulnerability could be exploited by a local user to create or
overwrite files with the privileges of another user who is invoking a
program using this library.

For the stable distribution (woody) this problem has been fixed in
version 4:5.4.4.5-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 4:5.5.7-1.

We recommend that you update your imagemagick package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1.dsc
      Size/MD5 checksum:      852 d5287cb8bb5ebea7feb163dce7eb8745
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1.diff.gz
      Size/MD5 checksum:    13713 97639f0bf3a5b64cdb64be4cad800b22
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
      Size/MD5 checksum:  3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_alpha.deb
      Size/MD5 checksum:  1309154 d10139392bc5d82619c80c91e9877e78
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_alpha.deb
      Size/MD5 checksum:   153872 54e5bef7b11b49db821d848dd1cdb46b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_alpha.deb
      Size/MD5 checksum:    55832 04c80b948497f84d9a8986a9129e0a1a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_alpha.deb
      Size/MD5 checksum:   831150 02277cf6f610d47bc6b407891206a75c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_alpha.deb
      Size/MD5 checksum:    66896 33e498a7e3feb84ae35c1fd8dcd6435e
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_alpha.deb
      Size/MD5 checksum:   113414 4bf9c2bbdd47c137c92e86f8e778c623

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_arm.deb
      Size/MD5 checksum:  1296660 9e0819548f01c7423730043c37283fec
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_arm.deb
      Size/MD5 checksum:   118278 e1b9d0198d61f6eb354f61f508d50220
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_arm.deb
      Size/MD5 checksum:    55870 9193725a617bd076e34678e8dc7870bb
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_arm.deb
      Size/MD5 checksum:   896558 2fbd372591d2b262c506ccdf6279dc13
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_arm.deb
      Size/MD5 checksum:    66928 54c4c1a1ea835fb28fc2bfdfac6fdd5c
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_arm.deb
      Size/MD5 checksum:   109542 241c0e1f3aa2014479591e7c90cc3e3e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_i386.deb
      Size/MD5 checksum:  1294636 6ebfed48af04904c53cb3b167d35f8c9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_i386.deb
      Size/MD5 checksum:   122406 a2a44e6b90b4661cbdce947dbb5cea6d
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_i386.deb
      Size/MD5 checksum:    55866 73beac80a24ce0f7ad7a8b00c3d23360
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_i386.deb
      Size/MD5 checksum:   769968 0999159912077ffa4e6e9b1a813d06f9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_i386.deb
      Size/MD5 checksum:    66918 68190ab0bd2c82b347e250c39580e810
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_i386.deb
      Size/MD5 checksum:   106550 da18e85a4ab5120c0e6a14a900628ce5

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_ia64.deb
      Size/MD5 checksum:  1335610 9836eb7439f6b806a4c06f314922d03a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_ia64.deb
      Size/MD5 checksum:   136736 3b5d3b07566eebebed117e27d6c70880
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_ia64.deb
      Size/MD5 checksum:    55826 7b1ae8505a7b66b917a705abddbb8337
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_ia64.deb
      Size/MD5 checksum:  1354912 9f7cb7031b17c60110b6b807c4976c65
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_ia64.deb
      Size/MD5 checksum:    66888 915675cc1be6c2ec1aa1c2317f287ab0
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_ia64.deb
      Size/MD5 checksum:   132546 8e91d9b19ea31dfc5ab8082bf4d424c2

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_hppa.deb
      Size/MD5 checksum:  1296918 8ecf64e7738980aa040e5e03a2ee640b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_hppa.deb
      Size/MD5 checksum:   132462 8cf94dbb086206f9ee00fe777f550357
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_hppa.deb
      Size/MD5 checksum:    55864 d2bc8567aa8d2d412a16d7d123c9eb11
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_hppa.deb
      Size/MD5 checksum:   857142 4effa98d340a4adc3e01e08693f0f9c0
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_hppa.deb
      Size/MD5 checksum:    66920 4235b8e124f8872d4aa0716031ba16e0
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_hppa.deb
      Size/MD5 checksum:   116788 0ad5543d824d37dd507e496816a6a996

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_m68k.deb
      Size/MD5 checksum:  1291910 0f79f1b5c834119c55cafdf370b6dd2e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_m68k.deb
      Size/MD5 checksum:   133604 6b949f8416e73e015ce3e8c55eb88871
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_m68k.deb
      Size/MD5 checksum:    55880 ff697d65ba7893023f69334b3aa14dec
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_m68k.deb
      Size/MD5 checksum:   750226 7760eeacbf881fd994e37c2bc824f8c0
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_m68k.deb
      Size/MD5 checksum:    66958 2cbf7b99d2da0b88994776aa91552e20
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_m68k.deb
      Size/MD5 checksum:   107050 5a895603cb4a0e48e7271a302cad7cee

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_mips.deb
      Size/MD5 checksum:  1294384 4fe7c423a428d9879590b0a15debfd24
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_mips.deb
      Size/MD5 checksum:   119758 5c13b74e3fbb360822a23dce0c739bca
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_mips.deb
      Size/MD5 checksum:    55882 671f295f4f2f98e998c8a8c0bd70ccbb
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_mips.deb
      Size/MD5 checksum:   730286 f091d817357ec3c6a0c4c1e4d4f80b7b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_mips.deb
      Size/MD5 checksum:    66932 139499cceccb1a43665a8fa7e451774e
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_mips.deb
      Size/MD5 checksum:   102960 2c9659cc2cb80059344a5daf30042c81

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_mipsel.deb
      Size/MD5 checksum:  1294254 56f9a24d4ca3f5085c4764fff7e26643
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_mipsel.deb
      Size/MD5 checksum:   113250 347dd47ba9f259320fbd9694c59f7643
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_mipsel.deb
      Size/MD5 checksum:    55870 85567e1aae400036fc37be9c58d18ec4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_mipsel.deb
      Size/MD5 checksum:   718640 79af8a4685086c782b0b55aff35c7e01
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_mipsel.deb
      Size/MD5 checksum:    66934 be08669429d5efc1f6a408b0d5cc9aec
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_mipsel.deb
      Size/MD5 checksum:   102492 758c8d725f91c2b966cbe648315b1982

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_powerpc.deb
      Size/MD5 checksum:  1290880 e56a6fcbc1b06d63f0d8624a6c14ff55
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_powerpc.deb
      Size/MD5 checksum:   135542 637e7a4decebc592c4392c5d28fedcfb
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_powerpc.deb
      Size/MD5 checksum:    55868 7adc59ccb76521f5f257cf2a400b9fcc
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_powerpc.deb
      Size/MD5 checksum:   783718 b15259a4f6352b42adc1f2ceeff4c3b2
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_powerpc.deb
      Size/MD5 checksum:    66920 87b669690d7d5cc503e94d159936cafb
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_powerpc.deb
      Size/MD5 checksum:   111546 8ce272013a9dc7a7d1ba21bde37224ed

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_s390.deb
      Size/MD5 checksum:  1291660 5eb4312df52449e33801d22fe79ae8b9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_s390.deb
      Size/MD5 checksum:   131618 138ec629de5947a631d96e36fdd20925
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_s390.deb
      Size/MD5 checksum:    55858 e01a9940a1c4013ef863e5824b62775b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_s390.deb
      Size/MD5 checksum:   775122 c24c8778527e89485f8c1615a90b2cc0
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_s390.deb
      Size/MD5 checksum:    66910 278a7bc2cfa9c0df57583906f60a23e5
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_s390.deb
      Size/MD5 checksum:   108586 3a65d9b73cf2894b21263fd11b1ca598

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_sparc.deb
      Size/MD5 checksum:  1294684 7b6da4b91f91e09fea287d613548c870
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_sparc.deb
      Size/MD5 checksum:   123462 4be81cc71d4da063f45ef86bf1e8c0be
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_sparc.deb
      Size/MD5 checksum:    55856 693ab80759b91751f1d39a42297428d3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_sparc.deb
      Size/MD5 checksum:   800230 6c36c10ef707cb6783fae7999b8f8786
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_sparc.deb
      Size/MD5 checksum:    66926 95b5886aef2a301c2bb4aecffbb7c116
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_sparc.deb
      Size/MD5 checksum:   112502 72c181c78fa4b8b63f635612870e78ef

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+/NNYArxCt0PiXR4RAoeUAJkBJ4m1Ghm8tYeY5PU90L8dZn5UAACgjKDs
VwJ4XRIHz44wSrE25hhlcao=
=0nBo
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--- End Message ---

Prev by Date: [debian-users:37532] Re: カーネルのアップグレードでネットワークが・・・
Next by Date: [debian-users:37534] [Translate] [SECURITY] [DSA-331-1] New imagemagick packages fix insecure temporary file creation
Previous by thread: [debian-users:37530] Bug#JP/1584: marked as done (Please remove widestudio)
Next by thread: [debian-users:37534] [Translate] [SECURITY] [DSA-331-1] New imagemagick packages fix insecure temporary file creation
Index(es):
- Date
- Thread