[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
Hi, Thanks for preparing the debiff. However, this issue was addressed in the interim in USN 3706-1 http://www.ubuntu.com/usn/usn-3706-1 (libjpeg- turbo 1.3.0-0ubuntu2.1) for trusty. Thanks again. ** Changed in: libjpeg-turbo (Ubuntu Trusty) Status: Confirmed => Fix Released ** Changed in: libjpeg-turbo (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
Security sponsors should be subscribed, not just sponsors. It should get attention soon. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
Precise EOL as per: https://wiki.ubuntu.com/Releases ** Changed in: libjpeg-turbo (Ubuntu Precise) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
Vivid EOL as per: https://wiki.ubuntu.com/Releases ** Changed in: libjpeg-turbo (Ubuntu Vivid) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
The attachment "Debdiff, adapted from Debian 1:1.3.1-11" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
Suggest increasing the importance of this bug, considering it has a CVE assignment? I realize that it's a DoS, which is low on the "vulnerability" totem pole; but especially with buffer overruns I tend to suspect that "DoS" is code for "might allow code execution but no one's bothered to prove it". Anyway, the fix is trivial, and provided in the attached debdiff. Cheers! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
I've supplied a debdiff to address the fix for this CVE, based on upstream Debian's fix. ** Patch added: "Debdiff, adapted from Debian 1:1.3.1-11" https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+attachment/5009069/+files/libjpeg-turbo.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with "stack smashing detected"
utopic has seen the end of its life and is no longer receiving any updates. Marking the utopic task for this ticket as "Won't Fix". ** Changed in: libjpeg-turbo (Ubuntu Utopic) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
This is CVE-2014-9092 ** Package changed: imagemagick (Ubuntu) = libjpeg-turbo (Ubuntu) ** Changed in: libjpeg-turbo (Ubuntu) Importance: Undecided = Low ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9092 ** Also affects: libjpeg-turbo (Ubuntu Vivid) Importance: Low Status: New ** Also affects: libjpeg-turbo (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: libjpeg-turbo (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: libjpeg-turbo (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: libjpeg-turbo (Ubuntu Precise) Status: New = Confirmed ** Changed in: libjpeg-turbo (Ubuntu Trusty) Status: New = Confirmed ** Changed in: libjpeg-turbo (Ubuntu Utopic) Status: New = Confirmed ** Changed in: libjpeg-turbo (Ubuntu Vivid) Status: New = Confirmed ** Changed in: libjpeg-turbo (Ubuntu Utopic) Importance: Undecided = Low ** Changed in: libjpeg-turbo (Ubuntu Trusty) Importance: Undecided = Low ** Changed in: libjpeg-turbo (Ubuntu Precise) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
I reported the bug upstream and it appears the bug is in JPEG library after all, cf. http://www.imagemagick.org/discourse- server/viewtopic.php?f=3t=26482sid=840b093fee284f81c6b46c7177ca07f3 As an interim fix (workaround for the JPEG library bug), I would suggest building ImageMagick with jpeg_info.optimize_coding=FALSE as suggested there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
To resolve the either-or above, I built ImageMagick 6.8.9-9 from source in a Precise machine (where the packaged version does not have the bug) and it crashes there, too. So it seems the bug is in ImageMagick itself and it was introduced between versions 6.6.9 (in Precise) and 6.7.7 (in Trusty). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
Just tested this in Utopic, the bug is still present. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
I built ImageMagick 6.8.9-9 from source (from imagemagick.org) and the bug is still there. So it's either upstream bug or in some library ImageMagick uses (compiling all of them from source would take rather long). Looks like I've got to downgrade to Precise. :-( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
The bug is not limited to convert, it can also be triggered by compare: $ compare -fuzz 25% 174210.jpg 182452.jpg junk.jpg *** stack smashing detected ***: compare terminated Aborted (core dumped) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
What is the imagemagick version ? What is the image being converted ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
imagemagick 8:6.7.7.10-6ubuntu3 (current in Trusty) I already attached sample image that causes this, and as I said I've got more... here're a few: http://tapani.tarvainen.info/linux/convertbug/r270/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
apport information ** Tags added: apport-collected trusty ** Description changed: Every now and then imagemagick convert crashes like this: $ convert -rotate 270 003632r270.jpg koe.jpg *** stack smashing detected ***: convert terminated Aborted (core dumped) This is perfectly reproducible and happens in every Ubuntu 14.04 box I have at hand that has ImageMagick in it, but not in 12.04. I'll attach the file used in above example (I have several more in case someone wants them). + --- + ApportVersion: 2.14.1-0ubuntu3.5 + Architecture: i386 + AudioDevicesInUse: + USERPID ACCESS COMMAND + /dev/snd/controlC0: tt 2149 F pulseaudio + CurrentDesktop: LXDE + CurrentDmesg: + Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order /var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission denied + dmesg: write failed: Broken pipe + DistroRelease: Ubuntu 14.04 + IwConfig: + br0 no wireless extensions. + + lono wireless extensions. + + eth0 no wireless extensions. + Package: linux (not installed) + ProcFB: 0 inteldrmfb + ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-37-generic root=/dev/mapper/hostname-root ro acpi_enforce_resources=lax + ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7 + RfKill: + + Tags: trusty + Uname: Linux 3.13.0-37-generic i686 + UpgradeStatus: Upgraded to trusty on 2014-07-15 (103 days ago) + UserGroups: sudo + WifiSyslog: + + _MarkForUpload: True + dmi.bios.date: 08/09/2007 + dmi.bios.vendor: Phoenix Technologies, LTD + dmi.bios.version: 6.00 PG + dmi.board.name: 945GM + dmi.chassis.type: 3 + dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvr6.00PG:bd08/09/2007:svn:pn:pvr:rvn:rn945GM:rvr:cvn:ct3:cvr: ** Attachment added: AlsaInfo.txt https://bugs.launchpad.net/bugs/1385903/+attachment/4245448/+files/AlsaInfo.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
I ran apport-collect in a test box with i386 kernel, but this happens with x86_64 machines as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385903] Re: imagemagick crashes with stack smashing detected
Not a linux (Ubuntu) kernel issue. ** Package changed: linux (Ubuntu) = imagemagick (Ubuntu) ** Changed in: imagemagick (Ubuntu) Status: Confirmed = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with stack smashing detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
