Your message dated Fri, 05 Feb 2016 08:04:50 +0000
with message-id <[email protected]>
and subject line Bug#806441: fixed in imagemagick 8:6.8.9.9-5+deb8u1
has caused the Debian Bug report #806441,
regarding Buffer overflow in coders/icon.c and integer truncation in
coders/pict.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
806441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806441
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.6.0.4-3
Tags: security patch
Severity: important
Control: fixed -1 8:6.6.0.4-3+squeeze7
This bug is about two security issues in image parsing code that had been
reported to Ubuntu (and are tracked in the Debian security tracker):
The one in coders/icon.c:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
The one in coders/pict.c:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
The attached patches fix both of those issues in squeeze. I guess they
will be easy to forward-port to other versions.
Both of those issues apply to all versions currently in Debian.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Description: Fix buffer overflow in icon parsing code
This patch backports a small extract of a larger upstream
commit that addresses this specific issue.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Applied-Upstream: 7.0.0
Last-Update: 2015-11-26
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/coders/icon.c
+++ b/coders/icon.c
@@ -275,6 +275,8 @@ static Image *ReadICONImage(const ImageI
Icon image encoded as a compressed PNG image.
*/
length=icon_file.directory[i].size;
+ if (~length < 12)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
png=(unsigned char *) AcquireQuantumMemory(length+12,sizeof(*png));
if (png == (unsigned char *) NULL)
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
Description: Fix overflow in pict image parsing
Backport a small part of an upstream commit fixing
an issue with pict image parsing.
Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
Applied-Upstream: 7.0.0
Last-Update: 2015-11-27
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/coders/pict.c
+++ b/coders/pict.c
@@ -1589,6 +1589,7 @@ static MagickBooleanType WritePICTImage(
x;
size_t
+ row_bytes,
count;
unsigned char
@@ -1602,7 +1603,6 @@ static MagickBooleanType WritePICTImage(
unsigned short
base_address,
- row_bytes,
transfer_mode;
/*
@@ -1633,7 +1633,7 @@ static MagickBooleanType WritePICTImage(
source_rectangle=size_rectangle;
destination_rectangle=size_rectangle;
base_address=0xff;
- row_bytes=(unsigned short) (image->columns | 0x8000);
+ row_bytes=image->columns;
bounds.top=0;
bounds.left=0;
bounds.bottom=(short) image->rows;
@@ -1663,7 +1663,7 @@ static MagickBooleanType WritePICTImage(
pixmap.bits_per_pixel=32;
pixmap.pack_type=0x04;
transfer_mode=0x40;
- row_bytes=(unsigned short) ((4*image->columns) | 0x8000);
+ row_bytes=4*image->columns;
}
/*
Allocate memory.
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u1
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated
imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 09 Jan 2016 23:05:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u1
Distribution: stable
Urgency: medium
Maintainer: ImageMagick Packaging Team
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-common - image manipulation programs -- infrastructure
imagemagick-dbg - debugging symbols for ImageMagick
imagemagick-doc - document files of ImageMagick
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick -
development files
libmagick++-dev - object-oriented C++ interface to ImageMagick
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-2-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-dev - low-level image manipulation library -- transition package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-2 - image manipulation library
libmagickwand-6.q16-dev - image manipulation library - development files
libmagickwand-dev - image manipulation library - transition for development
files
perlmagick - Perl interface to ImageMagick -- transition package
Closes: 770009 806441 811308
Changes:
imagemagick (8:6.8.9.9-5+deb8u1) stable; urgency=medium
.
* Fix build on mips by printing progress (Closes: #770009).
* Fix a few security bugs:
- A DOS on specially crafted MIFF file.
- A DOS on specially crafted Vicar file.
- A DOS on specially crafted HDR file.
- A DOs on specially crafted PDB file.
- Fix a Null dereference in coders/png.c (LP: #1492881).
- Fix a double free in coders/tga.c (LP: #1490362).
- Avoid a DOS for RLE file.
- Avoid a bufer overflow by using field limit in sprintf.
- Avoid a stack overflow in fx handling.
- Fixed size of memory allocation in RLE coder
to avoid segfault (LP: #1496649).
- Add extra checks to avoid out of bounds error
when parsing the 8bim profile. (LP: #1496645).
- Fixed memory leak when reading incorrect PSD files (closes: #811308)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
- Fix PixelColor off by one on i386.(closes: #811308)
https://github.com/ImageMagick/ImageMagick/issues/54
- Fix out of bounds error in -splice operator.
- Prevent null pointer access in magick/constitute.c (closes: #811308)
https://github.com/ImageMagick/ImageMagick/pull/34
- Fix another memory leak in string handling.
- Fix an integer overflow that can lead to a buffer overrun
in the icon parsing code (LP: #1459747, closes: #806441)
- Fix an integer overflow that can lead to a double free in
pict parsing (LP: #1448803, closes: #806441).
Checksums-Sha1:
86425dac023f208e852ac56e338cc7af6bfa5d7d 3880 imagemagick_6.8.9.9-5+deb8u1.dsc
4fe41325e3ecdeb5f9dce45a4dd0beaac8593cff 213760
imagemagick_6.8.9.9-5+deb8u1.debian.tar.xz
f28e9727c5d00567d9b9921af78dabc6579582c9 148710
imagemagick-common_6.8.9.9-5+deb8u1_all.deb
84febc59b1ed31610c6160580fe70160103b168b 7573528
imagemagick-doc_6.8.9.9-5+deb8u1_all.deb
b74ff0c6825a3957096aec98b2450ae967e6edd3 167250
libmagickcore-6-headers_6.8.9.9-5+deb8u1_all.deb
c57bbea2bfc1804cb99ef143db3824c847bfdca6 130434
libmagickwand-6-headers_6.8.9.9-5+deb8u1_all.deb
b3fb7e692d4533099ade747170ca8472f0247004 166072
libmagick++-6-headers_6.8.9.9-5+deb8u1_all.deb
a25eb30bb761b38ca57130f9aa3e201988ca06bd 155334
imagemagick_6.8.9.9-5+deb8u1_amd64.deb
93f42ba11019df5f4b53597496843dc952887219 173784
libimage-magick-perl_6.8.9.9-5+deb8u1_all.deb
19a878f26614cc80ec6c537c5bf747497f7269d9 129206
libmagickcore-6-arch-config_6.8.9.9-5+deb8u1_amd64.deb
abc11d6ef0d99e685bc1a89e377302ab10d63f0f 512106
imagemagick-6.q16_6.8.9.9-5+deb8u1_amd64.deb
c9d7e1433bce6bade5f779f2bba3e3d02776230e 1677634
libmagickcore-6.q16-2_6.8.9.9-5+deb8u1_amd64.deb
1553c2987d92e502e6c0cbbdf64dbe014bf9624d 168296
libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u1_amd64.deb
c4ddd074ebc1e66c92390a0b30bd0f36368e240d 1025376
libmagickcore-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
4f39ade6438009a36d3a7a2e05e6b1d152c6ce68 402776
libmagickwand-6.q16-2_6.8.9.9-5+deb8u1_amd64.deb
e679889c9fe20d8cbe4a9489f3f91ac3c316dca3 391640
libmagickwand-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
0faab1176e9906dc05b17acedd974260a27dc0b0 253594
libmagick++-6.q16-5_6.8.9.9-5+deb8u1_amd64.deb
2870d8f36036577ff6dc5b070d69492f1243622b 220854
libmagick++-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
044b05d04659c96970892d132a76d5c14bb5fd2d 5001062
imagemagick-dbg_6.8.9.9-5+deb8u1_amd64.deb
996560283e78525836251a7b4266cf4a94d132fd 219494
libimage-magick-q16-perl_6.8.9.9-5+deb8u1_amd64.deb
eb58309e6acda52f52f3de8f6e12544a9a28b01c 121748
perlmagick_6.8.9.9-5+deb8u1_all.deb
31d0d3e617d9e0ec86552a103b9394afd7f56e17 121728
libmagickcore-dev_6.8.9.9-5+deb8u1_all.deb
b5208834a9bf9c495e418b51d2492965834c0d2d 121718
libmagickwand-dev_6.8.9.9-5+deb8u1_all.deb
8d328410b7e2d68437c3b49a3cbb13c95e5f0055 121742
libmagick++-dev_6.8.9.9-5+deb8u1_all.deb
Checksums-Sha256:
a55f6ab34b787084a69976971a34c679933e62983fb7cff9044368bdd371a8b8 3880
imagemagick_6.8.9.9-5+deb8u1.dsc
d247adb1d769a07b7007c670393a59add2d589a0d51788ab8d5b00db9a8d6528 213760
imagemagick_6.8.9.9-5+deb8u1.debian.tar.xz
6df948b3bf6dc68d3999eed67fe87cd224f2d99d6df69cb32dc2c0565922ac7f 148710
imagemagick-common_6.8.9.9-5+deb8u1_all.deb
11508b37b2ea959a04abf975fd5f0ec0d9789e3bb6ab9d66e023f4ced4f4df5a 7573528
imagemagick-doc_6.8.9.9-5+deb8u1_all.deb
986fc2819ad0b29d4c4df0e20b48e26dd975822ae873de4349c23a9d8fcc56d2 167250
libmagickcore-6-headers_6.8.9.9-5+deb8u1_all.deb
6c3814aa346cc5507ab5fd6f7e6beca8201d9518e7bba57160a22c4afaf9d6fb 130434
libmagickwand-6-headers_6.8.9.9-5+deb8u1_all.deb
791e294c37c96ce7fbec3c33e424979bd3db8bb30ef5d11b8f97ac7c4c6d1e6b 166072
libmagick++-6-headers_6.8.9.9-5+deb8u1_all.deb
a703b1b82ff554ec8e3ea2021f2205c55d368a2f18505a57584d0a4a6a099912 155334
imagemagick_6.8.9.9-5+deb8u1_amd64.deb
e3d231c2ed542fad31005fc2a2d5b24375f16da435a4228794895fd2ab8d3252 173784
libimage-magick-perl_6.8.9.9-5+deb8u1_all.deb
4ecefe0cac6f2688688b192599355fda7fddb08003f2bc85a99bb4d17ad09eb5 129206
libmagickcore-6-arch-config_6.8.9.9-5+deb8u1_amd64.deb
8f7119513933957219d5d43e97c2ff99a640a90af146557e750fb5722bda324a 512106
imagemagick-6.q16_6.8.9.9-5+deb8u1_amd64.deb
e9d4a5b1f580d3ac737362dd3488d07bd07b0ba054271376053f394ba3a70ab5 1677634
libmagickcore-6.q16-2_6.8.9.9-5+deb8u1_amd64.deb
42d3d3cc5a972dbab676c9109576e08be7daeb65bad67f8d076cb2b5271aef74 168296
libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u1_amd64.deb
52b23a6b776c4236249361374faf6c04758d34895f760d76ed93e29741230e3b 1025376
libmagickcore-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
3a80b47b787797aa25f6ff50b13f71843b3f8b4aca451146bf8004d09bfe0e39 402776
libmagickwand-6.q16-2_6.8.9.9-5+deb8u1_amd64.deb
8c04f00e71e50819336e38c50ca5a8a17b1c3906b7a08bf35a79f96dd06dcdc3 391640
libmagickwand-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
708a942a3711295f09a9c9dca3b38c8952821d3f9e494ebe46478388072240e5 253594
libmagick++-6.q16-5_6.8.9.9-5+deb8u1_amd64.deb
e9995f9435274c68a7da5976a6b350e6c4a5dd32ec91a723e99e848bf1ac55bf 220854
libmagick++-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
550cbebddcd2cd4c6b95f4e9cd3b528a7aebc3b6837fb0b2dc893a5f09ba6737 5001062
imagemagick-dbg_6.8.9.9-5+deb8u1_amd64.deb
109eca5702552f3c1751286c64bf759bf16775725f1d89bf7a11c52d97fa676b 219494
libimage-magick-q16-perl_6.8.9.9-5+deb8u1_amd64.deb
b877a706e8f9cba6a4d6bc0f2810d98b8efdcf0f874e87de389ba6ae908679a3 121748
perlmagick_6.8.9.9-5+deb8u1_all.deb
dd499dd99fd945578aa5a2869186a4f169c364fc69276214c099e20f3659d3b0 121728
libmagickcore-dev_6.8.9.9-5+deb8u1_all.deb
f5077162156e52468bebb676e9d9189a12c98029b7f54f917e1c6947dc4f454f 121718
libmagickwand-dev_6.8.9.9-5+deb8u1_all.deb
5045f8a688d8f02631d58cd3614dabfed79e4d4e10e5fff44f24247cbeb776dd 121742
libmagick++-dev_6.8.9.9-5+deb8u1_all.deb
Files:
66d980310f3c1628619562bd53e77446 3880 graphics optional
imagemagick_6.8.9.9-5+deb8u1.dsc
34c7d9855ad7fa0260090d4c7ea3a980 213760 graphics optional
imagemagick_6.8.9.9-5+deb8u1.debian.tar.xz
c886e3e11d8883a8517aebb1867de3d1 148710 graphics optional
imagemagick-common_6.8.9.9-5+deb8u1_all.deb
87d76a7331e9be3e199cc015a90838ce 7573528 doc optional
imagemagick-doc_6.8.9.9-5+deb8u1_all.deb
2cc9d1d310155bb1a9eb6aeb232df361 167250 libdevel optional
libmagickcore-6-headers_6.8.9.9-5+deb8u1_all.deb
93e789cb74b1b0360983f9d47bd4d73c 130434 libdevel optional
libmagickwand-6-headers_6.8.9.9-5+deb8u1_all.deb
67cc1361852e47f3f3c1804197bd2538 166072 libdevel optional
libmagick++-6-headers_6.8.9.9-5+deb8u1_all.deb
63e21877599939ada5f5c1bcfc92c7cd 155334 graphics optional
imagemagick_6.8.9.9-5+deb8u1_amd64.deb
8a474569ed2f36f14e6329d736b3a3d4 173784 perl optional
libimage-magick-perl_6.8.9.9-5+deb8u1_all.deb
9075516acccbaa5d3267dc2d94871aa3 129206 libdevel optional
libmagickcore-6-arch-config_6.8.9.9-5+deb8u1_amd64.deb
b621f2940b5335fe65f2bb9fa8461392 512106 graphics optional
imagemagick-6.q16_6.8.9.9-5+deb8u1_amd64.deb
4481128ea13e8f1dc2c93364b27a2497 1677634 libs optional
libmagickcore-6.q16-2_6.8.9.9-5+deb8u1_amd64.deb
ad8957098d090bd2df5dd105c16dc43d 168296 libs optional
libmagickcore-6.q16-2-extra_6.8.9.9-5+deb8u1_amd64.deb
21e93117e78873d81c0ebce36a54f340 1025376 libdevel optional
libmagickcore-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
1b0bd2c270a031eaed9861d6f3fc18ea 402776 libs optional
libmagickwand-6.q16-2_6.8.9.9-5+deb8u1_amd64.deb
02afb0ec42fcf9f9f0cd4d2440ca758c 391640 libdevel optional
libmagickwand-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
733f23956f8c28371c0370e295d2b995 253594 libs optional
libmagick++-6.q16-5_6.8.9.9-5+deb8u1_amd64.deb
0df912d4d18c0223d27cb4170a6d8be1 220854 libdevel optional
libmagick++-6.q16-dev_6.8.9.9-5+deb8u1_amd64.deb
76968eb5265a9596b63cc288e0f8bb28 5001062 debug extra
imagemagick-dbg_6.8.9.9-5+deb8u1_amd64.deb
761e04a9d38552b44aab4f751675965d 219494 perl optional
libimage-magick-q16-perl_6.8.9.9-5+deb8u1_amd64.deb
04e961e0560e8522ad0545da1b45aa6d 121748 oldlibs extra
perlmagick_6.8.9.9-5+deb8u1_all.deb
264bd0df69b18b6e0fa1e79477cfdc3b 121728 oldlibs extra
libmagickcore-dev_6.8.9.9-5+deb8u1_all.deb
4f9c321d17d651789270123fe81dafcd 121718 oldlibs extra
libmagickwand-dev_6.8.9.9-5+deb8u1_all.deb
cd42855a31a481d1b50d19bc67b41b6a 121742 oldlibs extra
libmagick++-dev_6.8.9.9-5+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJWsTSDAAoJEO3GeJm/E8RXG5gH/RNnS+dbQ0+WcGR6hMPOxpVJ
hGHZ9MWZBrxpSCYWpj928DApYV+imEDILT1lB91Mz3w95WVzKGQb7D4ibS8nDtp4
LH1c/3YllqnLuxbT0O00H35Y05a8JccxrXV+VqjTp5vtSQ4MbMQDtaS3ZiVJeXs6
mvaIsGqy5Qs2KljiwlKZ6sva51U9uQU925Vf3NpwXJH4INEgUVEtwznEBSqmcrll
6KbcI2pus8L8LeCmLZ1wdSqB8a3wH6krlUZ7Po8TvwAD4Aksh98mFkIm/lz6jLLA
YWZkCPLzfaf31qezSoAbkshFN5PyrMTOs8bKOAFZL5zd7yUp2lzgJQ29JxvxsuM=
=ZFoZ
-----END PGP SIGNATURE-----
--- End Message ---
