Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux: SLSA-2016:1237-1 High: ImageMagick Remote Execution Risk

Calendar Jun 17, 2016 User Avatar LinuxSecurity Advisories
2 - 4 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory remote attack execution ImageMagick Scientific Linux
Important: ImageMagick security update 
Date: Fri, 17 Jun 2016 20:16:16 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Kevin Hill 
Subject: Security ERRATA Important: ImageMagick on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160617201616.27387.42878@slpackages.fnal.gov>

Synopsis: Important: ImageMagick security update
Advisory ID: SLSA-2016:1237-1
Issue Date: 2016-06-17
CVE Numbers: CVE-2015-8895
 CVE-2015-8896
 CVE-2016-5240
 CVE-2016-5239
 CVE-2016-5118
 CVE-2015-8898
 CVE-2015-8897
--

Security Fix(es):

* It was discovered that ImageMagick did not properly sanitize certain
input before using it to invoke processes. A remote attacker could create
a specially crafted image that, when processed by an application using
ImageMagick or an unsuspecting user using the ImageMagick utilities, would
lead to arbitrary execution of shell commands with the privileges of the
user running the application. (CVE-2016-5118)

* It was discovered that ImageMagick did not properly sanitize certain
input before passing it to the gnuplot delegate functionality. A remote
attacker could create a specially crafted image that, when processed by an
application using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would lead to arbitrary execution of shell commands
with the privileges of the user running the application. (CVE-2016-5239)

* Multiple flaws have been discovered in ImageMagick. A remote attacker
could, for example, create specially crafted images that, when processed
by an application using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would result in a memory corruption and,
potentially, execution of arbitrary code, a denial of service, or an
application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240,
CVE-2015-8897, CVE-2015-8898)
--

SL6
 x86_64
 ImageMagick-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-6.7.2.7-5.el6_8.x86_64.rpm
 ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-c++-6.7.2.7-5.el6_8.x86_64.rpm
 ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-c++-devel-6.7.2.7-5.el6_8.x86_64.rpm
 ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm
 ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm
 ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm
 ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm
 i386
 ImageMagick-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-doc-6.7.2.7-5.el6_8.i686.rpm
 ImageMagick-perl-6.7.2.7-5.el6_8.i686.rpm
SL7
 x86_64
 ImageMagick-6.7.8.9-15.el7_2.i686.rpm
 ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm
 ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm
 ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm
 ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm
 ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm
 ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm
 ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm
 ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm
 ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm
 ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm
 ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here