ImageMagick-6.7.8.9-13.el7

エラータID: AXSA:2016-233:02

Release date: 
Tuesday, May 10, 2016 - 01:00
Subject: 
ImageMagick-6.7.8.9-13.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

Security issues fixed with this release:

CVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW,
(7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x
before 7.0.1-1 allow remote attackers to execute arbitrary code via
shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before
7.0.1-1 allows remote attackers to delete arbitrary files via a
crafted image.
CVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-3717
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x
before 7.0.1-1 allow remote attackers to conduct server-side request
forgery (SSRF) attacks via a crafted image.

Solution: 

Update packages.

CVEs: 
CVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-3717
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
Additional Info: 

N/A

Download: 

SRPMS
  1. ImageMagick-6.7.8.9-13.el7.src.rpm
    MD5: da42d9cd0f542effd4480d64a0922498
    SHA-256: 15c6e91f89cd594b86646b508dd8611c21c91e20ab90859eaf4d45fae6f78106
    Size: 7.51 MB

Asianux Server 7 for x86_64
  1. ImageMagick-6.7.8.9-13.el7.x86_64.rpm
    MD5: f03b444da731d68fa53667d605f66079
    SHA-256: fcd6172a1193796a78d5cb3095fcf38f1e4257b1ef6130683523b91d8b6a8c8f
    Size: 2.12 MB
  2. ImageMagick-c++-6.7.8.9-13.el7.x86_64.rpm
    MD5: fa28205483c7d086b665f23603718da8
    SHA-256: 45fb2761800281e9b3e158b54f765b76aa5a37ca4b7b572974d031de9cfcdace
    Size: 144.41 kB
  3. ImageMagick-perl-6.7.8.9-13.el7.x86_64.rpm
    MD5: 58d360150590394536a16d48ec83dc0c
    SHA-256: 46ba817dd12a07fc8ae02f2d52ec38c790212f3879d94d9ccbe6b8d05dc90dce
    Size: 146.39 kB
  4. ImageMagick-6.7.8.9-13.el7.i686.rpm
    MD5: e120c232e8f70433164b137a0cca5f24
    SHA-256: 8954c064efe23b84f661f740b22995799e8a938ae428972ea624da045b7a66f8
    Size: 2.05 MB
  5. ImageMagick-c++-6.7.8.9-13.el7.i686.rpm
    MD5: ff63b3e268bd4558b382ae7e2ed89dc9
    SHA-256: df18448236ae47b1911bff234851235c3e2dc30d8ac2bfe11c042dc77e4a620b
    Size: 151.34 kB