ImageMagick-6.9.10.68-5.el7

エラータID: AXSA:2021-1086:01

Release date: 
Wednesday, January 6, 2021 - 02:34
Subject: 
ImageMagick-6.9.10.68-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Security Fix(es):

* ImageMagick: Shell injection via PDF password could result in arbitrary code execution (CVE-2020-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-29599
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

Solution: 

Update packages.

CVEs: 
CVE-2020-29599
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
Additional Info: 

N/A

Download: 

SRPMS
  1. ImageMagick-6.9.10.68-5.el7.src.rpm
    MD5: adabe88c8f3112fea0da70c6dd76f2fe
    SHA-256: 5336417fea1f24054c805c3ee3f8c4ce36b77641727521fcbe1394c14d8b2e06
    Size: 8.69 MB

Asianux Server 7 for x86_64
  1. ImageMagick-6.9.10.68-5.el7.x86_64.rpm
    MD5: 7f691ee4ac441dcf59870bba56c77b34
    SHA-256: b804e644c3fca973d11b527a64a231ba2de4a6722f2927d32a6b8997db47fc84
    Size: 2.32 MB
  2. ImageMagick-c++-6.9.10.68-5.el7.x86_64.rpm
    MD5: 545a3dcc562898e0116b7cf406f756c4
    SHA-256: c2b73939c1607d113b0f4797aabdd0e8a70b0f0fed06c3859d65da171f00462d
    Size: 167.10 kB
  3. ImageMagick-perl-6.9.10.68-5.el7.x86_64.rpm
    MD5: a4dbd15a4815b64bc55f900eb5044a44
    SHA-256: cf3529bb902fc7e61f92aa514533a1d70af91d9ce9536d444a565717799e7d19
    Size: 152.89 kB
  4. ImageMagick-6.9.10.68-5.el7.i686.rpm
    MD5: 02dbc63bee9b546e1113d100ea4961c0
    SHA-256: 39ba6712b19b64d6ce590d2674a725b9e27159188ddea3600446b80de5981486
    Size: 2.27 MB
  5. ImageMagick-c++-6.9.10.68-5.el7.i686.rpm
    MD5: 7d216c1f51bf5ce0b36aa5c024a77eaf
    SHA-256: 2412e84a5ca56ced1e6303c1395162f27d416e3fca5addfd3775c98002fb0433
    Size: 175.66 kB