ImageMagick-6.7.2.7-5.AXS4

エラータID: AXSA:2016-516:02

Release date: 
Tuesday, June 21, 2016 - 23:14
Subject: 
ImageMagick-6.7.2.7-5.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

Security issues fixed with this release:

CVE-2015-8895
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-8896
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-8897
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-8898
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and
ImageMagick allows remote attackers to execute arbitrary code via a |
(pipe) character at the start of a filename.
CVE-2016-5239
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5240
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVE-2015-8897
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVE-2015-8898
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-5240
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Additional Info: 

N/A

Download: 

SRPMS
  1. ImageMagick-6.7.2.7-5.AXS4.src.rpm
    MD5: 4f79025cf4d8763b4f5bdeba1d794ffc
    SHA-256: 009b2c2779be1da86b583c6c09f34fde074132191de0d7cffdb2b33530babd3e
    Size: 12.06 MB

Asianux Server 4 for x86
  1. ImageMagick-6.7.2.7-5.AXS4.i686.rpm
    MD5: bd782c7f6e2c3e5ed7d2c6d45e54d3fa
    SHA-256: 195665fdab6d21cfe6397e473d62f7d6637938b1c32094a43887b2640c83531e
    Size: 1.87 MB
  2. ImageMagick-c++-6.7.2.7-5.AXS4.i686.rpm
    MD5: 4f88bc7c2432e433808212eb7ea9fd6d
    SHA-256: 0fbbfa383aeeeda76a8e9e00136ffdec7929d72146a368a0127f45f9bb5cc4a1
    Size: 143.87 kB

Asianux Server 4 for x86_64
  1. ImageMagick-6.7.2.7-5.AXS4.x86_64.rpm
    MD5: ed5601391041970850d49f733b3ad904
    SHA-256: 3c827ceef35bb77b42cb67a6c807ae1983ad1f5c6014ab476e9bcdc48f2f61bc
    Size: 1.91 MB
  2. ImageMagick-c++-6.7.2.7-5.AXS4.x86_64.rpm
    MD5: 706596961a7aec9624c4b733ceaf8c15
    SHA-256: be698b309a5382c9146bd8ddbcbb6ec783e8af298539b8747a01a0548c1a66ec
    Size: 138.03 kB
  3. ImageMagick-6.7.2.7-5.AXS4.i686.rpm
    MD5: bd782c7f6e2c3e5ed7d2c6d45e54d3fa
    SHA-256: 195665fdab6d21cfe6397e473d62f7d6637938b1c32094a43887b2640c83531e
    Size: 1.87 MB