SCIENTIFIC-LINUX-ERRATA Archives

June 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: ImageMagick on SL6.x, SL7.x i386/x86_64
From:
Kevin Hill <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 17 Jun 2016 20:16:16 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (76 lines) 
Synopsis:          Important: ImageMagick security update
Advisory ID:       SLSA-2016:1237-1
Issue Date:        2016-06-17
CVE Numbers:       CVE-2015-8895
                   CVE-2015-8896
                   CVE-2016-5240
                   CVE-2016-5239
                   CVE-2016-5118
                   CVE-2015-8898
                   CVE-2015-8897
--

Security Fix(es):

* It was discovered that ImageMagick did not properly sanitize certain
input before using it to invoke processes. A remote attacker could create
a specially crafted image that, when processed by an application using
ImageMagick or an unsuspecting user using the ImageMagick utilities, would
lead to arbitrary execution of shell commands with the privileges of the
user running the application. (CVE-2016-5118)

* It was discovered that ImageMagick did not properly sanitize certain
input before passing it to the gnuplot delegate functionality. A remote
attacker could create a specially crafted image that, when processed by an
application using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would lead to arbitrary execution of shell commands
with the privileges of the user running the application. (CVE-2016-5239)

* Multiple flaws have been discovered in ImageMagick. A remote attacker
could, for example, create specially crafted images that, when processed
by an application using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would result in a memory corruption and,
potentially, execution of arbitrary code, a denial of service, or an
application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240,
CVE-2015-8897, CVE-2015-8898)
--

SL6
  x86_64
    ImageMagick-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-6.7.2.7-5.el6_8.x86_64.rpm
    ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-c++-6.7.2.7-5.el6_8.x86_64.rpm
    ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-c++-devel-6.7.2.7-5.el6_8.x86_64.rpm
    ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm
    ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm
    ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm
    ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm
  i386
    ImageMagick-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-doc-6.7.2.7-5.el6_8.i686.rpm
    ImageMagick-perl-6.7.2.7-5.el6_8.i686.rpm
SL7
  x86_64
    ImageMagick-6.7.8.9-15.el7_2.i686.rpm
    ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm
    ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm
    ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm
    ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm
    ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm
    ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm
    ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm
    ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm
    ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm
    ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm
    ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2