ImageMagick-6.7.8.9-15.el7
Errata ID: AXSA:2016-519:03
Release date:
2016/06/22 Wednesday - 11:48
Title:
ImageMagick-6.7.8.9-15.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
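[Fix details]
The following issues have been addressed.
[Security Fix]
- The OpenBlob function in blob.c in ImageMagick has a vulnerability that allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118)
- The DrawDashPolygon function in magick/render.c in GraphicsMagick and the SVG renderer in ImageMagick have a vulnerability that allows remote attackers to cause a denial of service by converting a circularly defined SVG file. (CVE-2016-5240)
- Information on CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, and CVE-2016-5239 has not been published at this time. This advisory will be updated as soon as the CVE information is published.
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.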
CVE:
CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVE-2015-8897
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVE-2015-8898
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-5240
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Additional information:
N/A
Download:
SRPMS
- ImageMagick-6.7.8.9-15.el7.src.rpm
MD5: 31d267c257180b2d73a580a706a61342
SHA-256: 7b65fbcc2567167c55fd4706d55559c47b8441faa229b6a3ad6de808db81caa6
Size: 7.52 MB
Asianux Server 7 for x86_64
- ImageMagick-6.7.8.9-15.el7.x86_64.rpm
MD5: b7b619c0960cbd2464b0c849c4ca65c3
SHA-256: 8d9b7983e94c840482d4f998a6a1ffce572d9e82945209cbea15e8b3148faa05
Size: 2.12 MB
- ImageMagick-c++-6.7.8.9-15.el7.x86_64.rpm
MD5: c76d917c57294f1438ce61129a4ff207
SHA-256: 8f596fe7fc29c3d0483d13f0f3a527bf91fc19a86c460f9a265ab017fc5cae61
Size: 144.55 kB
- ImageMagick-perl-6.7.8.9-15.el7.x86_64.rpm
MD5: 3460bcd302de8b1da929a0cd3283f52c
SHA-256: f23fbac435009b1384412a353bf1074f6f48f00ee32d9af0847ce8e15a57028c
Size: 146.54 kB
- ImageMagick-6.7.8.9-15.el7.i686.rpm
MD5: 8777f271d6024b2cf7a99ff976b66113
SHA-256: c59f8d66ca417ebc01bb0d1e3ba73633b1ec2eb2f4eccb4c0548fcaa46774777
Size: 2.05 MB
- ImageMagick-c++-6.7.8.9-15.el7.i686.rpm
MD5: eae3e2aa52c4d41c9efdd66a5570c5c1
SHA-256: dcb49eb94ff6e850ecdcf89e5449dc9b1d75e03065efdeca32c69d2a45f4da78
Size: 151.48 kB