---

Home Security

Advisories: January 31, 2006

By

Debian Security Advisory DSA 957-2 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 31st, 2006 http://www.debian.org/security/faq

Package : imagemagick
Vulnerability : missing shell meta sanitising
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4601
BugTraq ID : 16093
Debian Bug : 345238

Florian Weimer discovered that delegate code in ImageMagick is
vulnerable to shell command injection using specially crafted file
names. This allows attackers to encode commands inside of graphic
commands. With some user interaction, this is exploitable through
Gnus and Thunderbird. This update filters out the ‘$’ character as
well, which was forgotton in the former update.

For the old stable distribution (woody) this problem has been
fixed in version 5.4.4.5-1woody8.

For the stable distribution (sarge) this problem has been fixed
in version 6.0.6.2-2.6.

For the unstable distribution (sid) this problem has been fixed
in version 6.2.4.5-0.6.

We recommend that you upgrade your imagemagick packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8.dsc

      Size/MD5 checksum: 852
fc5fe3786f18e31776c5109149beac1d
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8.diff.gz

      Size/MD5 checksum: 17314
476cdfed2f44b7408ddad37f4c3324cb
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz

      Size/MD5 checksum: 3901237
f35e356b4ac1ebc58e3cffa7ea7abc07

Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_alpha.deb

      Size/MD5 checksum: 1310122
6e7cc62b742c715da4f71d218ae1dbae
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_alpha.deb

      Size/MD5 checksum: 154410
ec18833c61573cbb75495706283abbb5
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_alpha.deb

      Size/MD5 checksum: 56628
ed24011751c90a526ffad462fc9440a0
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_alpha.deb

      Size/MD5 checksum: 833808
85d1c0728ec664f0743ddd354e771613
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_alpha.deb

      Size/MD5 checksum: 67624
a10f44b82341a743cf0dce936b036791
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_alpha.deb

      Size/MD5 checksum: 114122
96be3fb4dc0feb9ac580ba008f825479

ARM architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_arm.deb

      Size/MD5 checksum: 1297412
3660aafabc9853cc02a84d121c28d218
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_arm.deb

      Size/MD5 checksum: 119112
06af700adbbcae6e0016a66e16699be3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_arm.deb

      Size/MD5 checksum: 56668
3e41f0ce3936ba06f82893592a299620
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_arm.deb

      Size/MD5 checksum: 899276
1e765ee6069a3c600ab85cd834811a6b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_arm.deb

      Size/MD5 checksum: 67654
79eec2c54b674de34462f2a03981d487
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_arm.deb

      Size/MD5 checksum: 110240
081b7a943d53aca6fa73f7e55c65e04b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_i386.deb

      Size/MD5 checksum: 1295102
56fda4def88fee79d55a25408d1367f4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_i386.deb

      Size/MD5 checksum: 123052
c6a678056c89d1d209bd2229508db7ad
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_i386.deb

      Size/MD5 checksum: 56622
b7e7f7bb5cd2db7ae5442d489f84ca6a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_i386.deb

      Size/MD5 checksum: 773080
4be1dca5495ec0fb693fd4259f6771d6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_i386.deb

      Size/MD5 checksum: 67628
86670caf1de2af4fb615a8c37d363476
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_i386.deb

      Size/MD5 checksum: 107222
bff291fb05404aaf8443fc7f3dfb215a

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_ia64.deb

      Size/MD5 checksum: 1336524
f6e874c0f356f086b25a5e7cda47e1d2
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_ia64.deb

      Size/MD5 checksum: 137324
f5477f0f6a5732da5a1aec516fea10be
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_ia64.deb

      Size/MD5 checksum: 56616
922c1e5bfe24ae8d97d0e379eed5edd6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_ia64.deb

      Size/MD5 checksum: 1360990
2eb6baafb4da8ceb2c180288d73fd908
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_ia64.deb

      Size/MD5 checksum: 67616
b439ab496728aa296edefae8e5d95ac7
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_ia64.deb

      Size/MD5 checksum: 133210
9316b73f9cf104d261232007665b20be

HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_hppa.deb

      Size/MD5 checksum: 1297674
194a73335f07050d724032bb9b617662
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_hppa.deb

      Size/MD5 checksum: 133210
eafafaf36638ae4b1a4724cf7c4d4076
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_hppa.deb

      Size/MD5 checksum: 56650
bd6b63b0afa947500f25071882c55029
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_hppa.deb

      Size/MD5 checksum: 860276
2367a0d340dfd77e233e1ff44d912860
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_hppa.deb

      Size/MD5 checksum: 67650
483cb98e795fa766dd75d7fbdaca7e51
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_hppa.deb

      Size/MD5 checksum: 117490
1916bb19413149f75574c1e0b47fd17f

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_m68k.deb

      Size/MD5 checksum: 1292806
a6cdf914dd8cd42a05a24c364efd8cf1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_m68k.deb

      Size/MD5 checksum: 134354
9262f6a7711e3b29f3d2f4684b474ef1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_m68k.deb

      Size/MD5 checksum: 56678
797cb053ba284925a03b1341f8ff56e9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_m68k.deb

      Size/MD5 checksum: 752370
8b2aeaee15aeb5abdcd7d893a301d40c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_m68k.deb

      Size/MD5 checksum: 67664
dc657000266fb7b006ddefddff228e09
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_m68k.deb

      Size/MD5 checksum: 107738
471fa959b23b55d3c84f396605cba95c

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_mips.deb

      Size/MD5 checksum: 1295082
efec5ed88a154119a99ad1c0680c59da
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_mips.deb

      Size/MD5 checksum: 120634
16c520819991b7bcb6edf07a49fee876
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_mips.deb

      Size/MD5 checksum: 56650
d9a7443f80fb00c601a125d567b25cac
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_mips.deb

      Size/MD5 checksum: 733390
a52d539e93bcf4df419dfa8e5be0b5ee
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_mips.deb

      Size/MD5 checksum: 67640
9568e5594003e8d6cde0c434ad77ed39
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_mips.deb

      Size/MD5 checksum: 103632
82ddc266a154f7d32ac322a432114ce0

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_mipsel.deb

      Size/MD5 checksum: 1295048
07cbfae85d7e8679d34892675f680677
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_mipsel.deb

      Size/MD5 checksum: 114370
7013ec06ff5e43aec08369fbf193e2cd
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_mipsel.deb

      Size/MD5 checksum: 56648
0f70429c7dbd7b33a5414350d30ffdb1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_mipsel.deb

      Size/MD5 checksum: 721384
6376e45c7d924d9a5f05b2d95567e6a4
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_mipsel.deb

      Size/MD5 checksum: 67642
3a52af230b71320f8c619c29fc285d3e
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_mipsel.deb

      Size/MD5 checksum: 103174
2272f134bbf2037ac0cc9b45876226d9

PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_powerpc.deb

      Size/MD5 checksum: 1291800
b3f9fea9455f4cbc524bc23d837454f8
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_powerpc.deb

      Size/MD5 checksum: 136272
ea45b9489de0b3cc7c7eb5f896395053
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_powerpc.deb

      Size/MD5 checksum: 56654
d3ce6799d942e7ca2ffb8b6151b901d5
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_powerpc.deb

      Size/MD5 checksum: 786860
70359219d37a020483f88fdff52e42e8
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_powerpc.deb

      Size/MD5 checksum: 67652
14500c33cb915bcc0ff47fc28a5e9d54
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_powerpc.deb

      Size/MD5 checksum: 112254
70897317fd9f70118050e0394baa3d12

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_s390.deb

      Size/MD5 checksum: 1292436
0db82cb50b3099a23d148796c97a0fda
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_s390.deb

      Size/MD5 checksum: 132330
231bf99cce33ceb7ed57ff25de58cf23
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_s390.deb

      Size/MD5 checksum: 56638
910d42a99a002d7c9dfdf53088f343c3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_s390.deb

      Size/MD5 checksum: 778558
55b347b24865f4d091e66f1d3d24b29a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_s390.deb

      Size/MD5 checksum: 67644
57b78589265f4742c63415eccfc3e3dc
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_s390.deb

      Size/MD5 checksum: 109298
e53c1e144ee7a8efc9ad8ecccc5367a0

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_sparc.deb

      Size/MD5 checksum: 1295500
743baa1e66e35cb818796d9902329f4e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_sparc.deb

      Size/MD5 checksum: 124180
5d751786cb2eb961e90f9aefef773038
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_sparc.deb

      Size/MD5 checksum: 56644
29dd7f1f12d654e213171a3d07526836
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_sparc.deb

      Size/MD5 checksum: 803108
b7dd1711e1ac8cc54062a89e67a6fd0a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_sparc.deb

      Size/MD5 checksum: 67644
1e533b50eb823312ab6c3205b36ab979
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_sparc.deb

      Size/MD5 checksum: 113212
9ee27c60fc34414c2fab06c4853965eb

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6.dsc

      Size/MD5 checksum: 881
0e796791b4d0d38a126943f4ac763877
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6.diff.gz

      Size/MD5 checksum: 138618
69d60be6bee98d15541b2286af116815
    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz

      Size/MD5 checksum: 6824001
477a361ba0154cc2423726fab4a3f57c

Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_alpha.deb

      Size/MD5 checksum: 1469444
964f2bc29335c90a2467b08a9826cdee
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_alpha.deb

      Size/MD5 checksum: 173526
2e82f8c71ee00b2f3cc6479ef2f55e46
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_alpha.deb

      Size/MD5 checksum: 288330
542c13b3c4f8bd40c8f725212f826e22
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_alpha.deb

      Size/MD5 checksum: 1284046
349cc67cc1c8d303c39fe9eb482cfdb6
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_alpha.deb

      Size/MD5 checksum: 2203062
5a25351b5999e818403993b8f28024f8
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_alpha.deb

      Size/MD5 checksum: 143550
37a5961dcaac9f71d069d3ea322612ff

AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_amd64.deb

      Size/MD5 checksum: 1466012
a1c12b8ffae29cce27c925c778021bb9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_amd64.deb

      Size/MD5 checksum: 163208
e1154aa04c41bb84ce39552dc545c832
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_amd64.deb

      Size/MD5 checksum: 228442
4bbf59666510d6e72a77fd2e44b25a53
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_amd64.deb

      Size/MD5 checksum: 1194092
97882af154b4fb8dfafab2fb092f7d49
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_amd64.deb

      Size/MD5 checksum: 1549164
539e4c0b79b592d86b84bb39c4b30be3
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_amd64.deb

      Size/MD5 checksum: 231434
c94b21bf8da8a21a970b75585ccd083c

ARM architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_arm.deb

      Size/MD5 checksum: 1465822
86ceb3a7635ebc85c9fc33f89be07e01
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_arm.deb

      Size/MD5 checksum: 148954
d75cd86d8c367d423152185f1727c7dc
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_arm.deb

      Size/MD5 checksum: 234302
7a67f5b9ae7e5c443cd0efe3a9f21214
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_arm.deb

      Size/MD5 checksum: 1203732
71c79725b0a88333cf49352c91bb015a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_arm.deb

      Size/MD5 checksum: 1646600
fe1cb0b914986ce7de4097bc202086a1
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_arm.deb

      Size/MD5 checksum: 230170
1663ca4eecf32720e926e42374eb29d8

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_i386.deb

      Size/MD5 checksum: 1464880
a6484968d6266d84511d42aafe9d8b4a
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_i386.deb

      Size/MD5 checksum: 164176
0251ebfa8224d473a21a4bf05ad9241e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_i386.deb

      Size/MD5 checksum: 208614
4ce852a7d585a7cebfca8e9917e3a422
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_i386.deb

      Size/MD5 checksum: 1171198
508c49cba176742c094673ac7ea69828
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_i386.deb

      Size/MD5 checksum: 1506456
2c943424eda5c21ac56cb1b1df1dd216
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_i386.deb

      Size/MD5 checksum: 233408
c3c15079156a4bc54fe79a284548e0f2

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_ia64.deb

      Size/MD5 checksum: 1468152
a71a8028d4327dee0b349d882b92988f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_ia64.deb

      Size/MD5 checksum: 187830
21e667718d622c2f9003f806351e9452
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_ia64.deb

      Size/MD5 checksum: 295708
e637ff5a522f5d31142ecfc80111c0f3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_ia64.deb

      Size/MD5 checksum: 1604484
ab8c9e19f02d7284afae3782fae36738
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_ia64.deb

      Size/MD5 checksum: 2131166
042d26f0023f4f934771720122e2cad4
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_ia64.deb

      Size/MD5 checksum: 273162
bda69bba1b35c6e2dbadd5b571647f5e

HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_hppa.deb

      Size/MD5 checksum: 1467962
2695e6615e8a1d54a8795e7b7ccd7d5e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_hppa.deb

      Size/MD5 checksum: 181824
638e786e77c3908a5fc2a118eabf11ef
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_hppa.deb

      Size/MD5 checksum: 273384
c4c33957a672224bd9355289e7e8c3fd
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_hppa.deb

      Size/MD5 checksum: 1403070
53678e914d1cbb8d7024be6b13f1b0ed
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_hppa.deb

      Size/MD5 checksum: 1826426
ba0e22baee2900a2aacc8896da1ea019
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_hppa.deb

      Size/MD5 checksum: 243470
b0410430f2789ab87a31ced5b6daeb51

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_m68k.deb

      Size/MD5 checksum: 1465602
944a3c644879fc8e9f3b7d21f65e1e9e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_m68k.deb

      Size/MD5 checksum: 159508
09bc4fff881c61c2d4a37f6c2b526125
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_m68k.deb

      Size/MD5 checksum: 210314
f29c0feacb9fb86dd61565aa54d898d9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_m68k.deb

      Size/MD5 checksum: 1071926
ee2b868b697f0293460b3975ca14eb81
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_m68k.deb

      Size/MD5 checksum: 1287614
2e55f90680f2307313c8b7ef532651c1
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_m68k.deb

      Size/MD5 checksum: 226592
fdcd89c4ffd46d7f2692a1b60a233ef3

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_mips.deb

      Size/MD5 checksum: 1489966
664f905bb72568539cf3691f8f60f8d7
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_mips.deb

      Size/MD5 checksum: 155148
7ba9e7f242d23648db74c8234d49fb95
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_mips.deb

      Size/MD5 checksum: 254374
040335d7e603c18787c09f803bc41356
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_mips.deb

      Size/MD5 checksum: 1118324
9a2560fe7076b640ccdde87c7465bee9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_mips.deb

      Size/MD5 checksum: 1703524
c3fe66c6966749b27c733131b46a3e45
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_mips.deb

      Size/MD5 checksum: 130976
4e927420b0678cf03042679b3e3ebf15

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_mipsel.deb

      Size/MD5 checksum: 1489946
60610af21d83d180783af754c302748e
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_mipsel.deb

      Size/MD5 checksum: 151236
0c2d67bbc22f675aeb13f747c4fa90be
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_mipsel.deb

      Size/MD5 checksum: 249628
8a1289f192b7e014a15f0a80487b23d9
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_mipsel.deb

      Size/MD5 checksum: 1113872
52dfebd7e49b9ca920fa1a24d677813b
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_mipsel.deb

      Size/MD5 checksum: 1666924
b5287ae66632ece6091956c1b2dc536a
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_mipsel.deb

      Size/MD5 checksum: 130590
0a021be65810574329f4f4e04fbb8b48

PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_powerpc.deb

      Size/MD5 checksum: 1471546
b93e8cf3fdd7eab3de20dd2a8e9da7ff
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_powerpc.deb

      Size/MD5 checksum: 156414
1ec5bf71bd79d7ed3ed2392bcbe1096c
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_powerpc.deb

      Size/MD5 checksum: 227362
537a73ea2b4b27a64e9c9a9265c1d1b1
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_powerpc.deb

      Size/MD5 checksum: 1168818
e0e56fda81b3792da94ddf0993bd4174
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_powerpc.deb

      Size/MD5 checksum: 1683812
c68f1cc30f39c1784aef07bb16727c0f
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_powerpc.deb

      Size/MD5 checksum: 270158
ea705b62298ba337091e3d1a7b2ee4c6

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_s390.deb

      Size/MD5 checksum: 1467244
e37730a9ffa9a5eb7cd782191ea002d3
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_s390.deb

      Size/MD5 checksum: 180172
7045c0fd009f9d8cadc353d6bf1dc583
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_s390.deb

      Size/MD5 checksum: 229792
f7fb6ea97d566f5ea3d93b8db88c7994
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_s390.deb

      Size/MD5 checksum: 1193208
941041ddf64b764d0225c82df6733256
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_s390.deb

      Size/MD5 checksum: 1529780
87ee97f5f8cdc144672fd89f5d5bc884
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_s390.deb

      Size/MD5 checksum: 241762
b80e71729b5187fa45534b1a86bbeccc

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_sparc.deb

      Size/MD5 checksum: 1465436
e5cd120ac0c1c14149feb61117837862
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_sparc.deb

      Size/MD5 checksum: 160680
ffdae03d8d729860812f70928c67a66f
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_sparc.deb

      Size/MD5 checksum: 223974
9fdf86ae96e6d0ddc3e709c30c94aebc
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_sparc.deb

      Size/MD5 checksum: 1248148
874d0065d40f1a33094c1f292b5f4b81
    http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_sparc.deb

      Size/MD5 checksum: 1682788
97522ea44adcf1345c60c089f835e09d
    http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_sparc.deb

      Size/MD5 checksum: 230556
e7b82650e316baaa6f55e5071c21d703

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 960-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 31st, 2006 http://www.debian.org/security/faq

Package : libmail-audit-perl
Vulnerability : insecure temporay file creation
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-4536
Debian Bug : 344029

Niko Tyni discovered that the Mail::Audit module, a Perl library
for creating simple mail filters, logs to a temporary file with a
predictable filename in an insecure fashion when logging is turned
on, which is not the case by default.

For the old stable distribution (woody) these problems have been
fixed in version 2.0-4woody1.

For the stable distribution (sarge) these problems have been
fixed in version 2.1-5sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 2.1-5sarge1.

We recommend that you upgrade your libmail-audit-perl
package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0-4woody1.dsc

      Size/MD5 checksum: 663
f1cc82dae98e2a7ae42e29e757797b41
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0-4woody1.diff.gz

      Size/MD5 checksum: 5548
64f85349649a968db3493fa8ba27aea1
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0.orig.tar.gz

      Size/MD5 checksum: 12526
3bc6043611f0fabdd856498e25bd48f6

Architecture independent components:

    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0-4woody1_all.deb

      Size/MD5 checksum: 29446
d7e0e9264e08f04777eb05f543956498
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-audit-tools_2.0-4woody1_all.deb

      Size/MD5 checksum: 8840
f97415f72fcf1806b18e9e059ae5c6e0

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge1.dsc

      Size/MD5 checksum: 786
766a0a1d409fb6a55d0fd28cfeb9139d
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge1.diff.gz

      Size/MD5 checksum: 4227
48ed975c7c87db86bcafde084cde94a5
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1.orig.tar.gz

      Size/MD5 checksum: 21669
b52b1142fa9ed7d847c531186f913ea6

Architecture independent components:

    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge1_all.deb

      Size/MD5 checksum: 41836
38128df51141ba4bd495f3d698629b52
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-audit-tools_2.1-5sarge1_all.deb

      Size/MD5 checksum: 12176
1d898a6a9f2a40cad0416d5b107df3bd

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 960-2 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 31st, 2006 http://www.debian.org/security/faq

Package : libmail-audit-perl
Vulnerability : insecure temporay file creation
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-4536
Debian Bug : 344029

This update only corrects the update for sarge, the version in
woody is correct.

Niko Tyni discovered that the Mail::Audit module, a Perl library
for creating simple mail filters, logs to a temporary file with a
predictable filename in an insecure fashion when logging is turned
on, which is not the case by default.

For the old stable distribution (woody) these problems have been
fixed in version 2.0-4woody1.

For the stable distribution (sarge) these problems have been
fixed in version 2.1-5sarge2.

For the unstable distribution (sid) these problems have been
fixed in version 2.1-5.1.

We recommend that you upgrade your libmail-audit-perl
package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge2.dsc

      Size/MD5 checksum: 786
00abe0533af4fb16e3f65a5dda9ded34
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge2.diff.gz

      Size/MD5 checksum: 4266
4348a85b636a87503374874354eefdcd
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1.orig.tar.gz

      Size/MD5 checksum: 21669
b52b1142fa9ed7d847c531186f913ea6

Architecture independent components:

    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge2_all.deb

      Size/MD5 checksum: 41874
136f752ab91f2ce393f1c943d151c0e3
    http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-audit-tools_2.1-5sarge2_all.deb

      Size/MD5 checksum: 12222
d3caeeef4e88540511c1fdb3ae3f8877

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.