ImageMagick-6.7.8.9-15.el7

エラータID: AXSA:2016-519:03

Release date: 
Wednesday, June 22, 2016 - 11:48
Subject: 
ImageMagick-6.7.8.9-15.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.

Security issues fixed with this release:

CVE-2015-8895
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-8896
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-8897
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-8898
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and
ImageMagick allows remote attackers to execute arbitrary code via a |
(pipe) character at the start of a filename.
CVE-2016-5239
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5240
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVE-2015-8897
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVE-2015-8898
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-5240
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Additional Info: 

N/A

Download: 

SRPMS
  1. ImageMagick-6.7.8.9-15.el7.src.rpm
    MD5: 31d267c257180b2d73a580a706a61342
    SHA-256: 7b65fbcc2567167c55fd4706d55559c47b8441faa229b6a3ad6de808db81caa6
    Size: 7.52 MB

Asianux Server 7 for x86_64
  1. ImageMagick-6.7.8.9-15.el7.x86_64.rpm
    MD5: b7b619c0960cbd2464b0c849c4ca65c3
    SHA-256: 8d9b7983e94c840482d4f998a6a1ffce572d9e82945209cbea15e8b3148faa05
    Size: 2.12 MB
  2. ImageMagick-c++-6.7.8.9-15.el7.x86_64.rpm
    MD5: c76d917c57294f1438ce61129a4ff207
    SHA-256: 8f596fe7fc29c3d0483d13f0f3a527bf91fc19a86c460f9a265ab017fc5cae61
    Size: 144.55 kB
  3. ImageMagick-perl-6.7.8.9-15.el7.x86_64.rpm
    MD5: 3460bcd302de8b1da929a0cd3283f52c
    SHA-256: f23fbac435009b1384412a353bf1074f6f48f00ee32d9af0847ce8e15a57028c
    Size: 146.54 kB
  4. ImageMagick-6.7.8.9-15.el7.i686.rpm
    MD5: 8777f271d6024b2cf7a99ff976b66113
    SHA-256: c59f8d66ca417ebc01bb0d1e3ba73633b1ec2eb2f4eccb4c0548fcaa46774777
    Size: 2.05 MB
  5. ImageMagick-c++-6.7.8.9-15.el7.i686.rpm
    MD5: eae3e2aa52c4d41c9efdd66a5570c5c1
    SHA-256: dcb49eb94ff6e850ecdcf89e5449dc9b1d75e03065efdeca32c69d2a45f4da78
    Size: 151.48 kB