Debianin tietoturvatiedote

DSA-331-1 imagemagick -- epäluotettava väliaikaistiedosto

Ilmoitettu:

27. 6.2003

Vaikutuksen alaiset paketit:

imagemagick

Altis:

Kyllä

Viittaukset tietoturvatietokantoihin:

Bugtraq-tietokannassa (SecurityFocuksella): BugTraq-tunniste 8057.
Mitren CVE-sanakirjassa: CVE-2003-0455.

Lisätietoa:

imagemagick'in libmagick-kirjasto luo tietyissä olosuhteissa väliaikaistiedostot tekemättä asiaankuuluvia turvatoimia. Tätä haavoittuvuutta hyväksikäyttämällä paikallinen käyttäjä voi luoda tai ylikirjoittaa tiedostoja sen käyttäjän oikeuksilla joka kutsuu tätä kirjastoa käyttävää ohjelmaa.

Ongelma on korjattu vakaan jakelun (woody) versiossa 4:5.4.4.5-1woody1 .

Ongelma on korjattu epävakaan jakelun (sid) versiossa 4:5.5.7-1 .

Suosittelemme päivittämään imagemagick-paketin.

Korjattu:

Debian GNU/Linux 3.0 (woody)

Lähde:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1.dsc; http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1.diff.gz; http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_arm.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_i386.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_mips.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_s390.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_sparc.deb

Listattujen tiedostojen MD5-tarkistussummat ovat luettavissa alkuperäisestä tiedotteesta.