ImageMagick-6.7.2.7-5.AXS4
Errata ID: AXSA:2016-516:02
Release date:
2016/06/21 Tuesday - 23:14
Title:
ImageMagick-6.7.2.7-5.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
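[Fixes]
The following issues have been addressed.
[Security Fix]
- The OpenBlob function in blob.c in ImageMagick has a vulnerability that allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118)
- At this time, information on CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, and CVE-2016-5239 has not been published.
We will update this information as soon as the CVE details are published.
Some of the translated CVE text is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.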
CVE:
CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVE-2015-8897
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVE-2015-8898
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-5240
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Additional information:
N/A
Download:
SRPMS
- ImageMagick-6.7.2.7-5.AXS4.src.rpm
MD5: 4f79025cf4d8763b4f5bdeba1d794ffc
SHA-256: 009b2c2779be1da86b583c6c09f34fde074132191de0d7cffdb2b33530babd3e
Size: 12.06 MB
Asianux Server 4 for x86
- ImageMagick-6.7.2.7-5.AXS4.i686.rpm
MD5: bd782c7f6e2c3e5ed7d2c6d45e54d3fa
SHA-256: 195665fdab6d21cfe6397e473d62f7d6637938b1c32094a43887b2640c83531e
Size: 1.87 MB
- ImageMagick-c++-6.7.2.7-5.AXS4.i686.rpm
MD5: 4f88bc7c2432e433808212eb7ea9fd6d
SHA-256: 0fbbfa383aeeeda76a8e9e00136ffdec7929d72146a368a0127f45f9bb5cc4a1
Size: 143.87 kB
Asianux Server 4 for x86_64
- ImageMagick-6.7.2.7-5.AXS4.x86_64.rpm
MD5: ed5601391041970850d49f733b3ad904
SHA-256: 3c827ceef35bb77b42cb67a6c807ae1983ad1f5c6014ab476e9bcdc48f2f61bc
Size: 1.91 MB
- ImageMagick-c++-6.7.2.7-5.AXS4.x86_64.rpm
MD5: 706596961a7aec9624c4b733ceaf8c15
SHA-256: be698b309a5382c9146bd8ddbcbb6ec783e8af298539b8747a01a0548c1a66ec
Size: 138.03 kB
- ImageMagick-6.7.2.7-5.AXS4.i686.rpm
MD5: bd782c7f6e2c3e5ed7d2c6d45e54d3fa
SHA-256: 195665fdab6d21cfe6397e473d62f7d6637938b1c32094a43887b2640c83531e
Size: 1.87 MB