Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[RHSA-2016:1237-01] Important: ImageMagick security update

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Important: ImageMagick security update

Advisory ID: RHSA-2016:1237-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2016:1237

Issue date: 2016-06-16

CVE Names: CVE-2015-8895 CVE-2015-8896 CVE-2015-8897

CVE-2015-8898 CVE-2016-5118 CVE-2016-5239

CVE-2016-5240

=====================================================================

 

1. Summary:

 

An update for ImageMagick is now available for Red Hat Enterprise Linux 6

and Red Hat Enterprise Linux 7.

 

Red Hat Product Security has rated this update as having a security impact

of Important. A Common Vulnerability Scoring System (CVSS) base score,

which gives a detailed severity rating, is available for each vulnerability

from the CVE link(s) in the References section.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

 

3. Description:

 

ImageMagick is an image display and manipulation tool for the X Window

System that can read and write multiple image formats.

 

Security Fix(es):

 

* It was discovered that ImageMagick did not properly sanitize certain

input before using it to invoke processes. A remote attacker could create a

specially crafted image that, when processed by an application using

ImageMagick or an unsuspecting user using the ImageMagick utilities, would

lead to arbitrary execution of shell commands with the privileges of the

user running the application. (CVE-2016-5118)

 

* It was discovered that ImageMagick did not properly sanitize certain

input before passing it to the gnuplot delegate functionality. A remote

attacker could create a specially crafted image that, when processed by an

application using ImageMagick or an unsuspecting user using the ImageMagick

utilities, would lead to arbitrary execution of shell commands with the

privileges of the user running the application. (CVE-2016-5239)

 

* Multiple flaws have been discovered in ImageMagick. A remote attacker

could, for example, create specially crafted images that, when processed by

an application using ImageMagick or an unsuspecting user using the

ImageMagick utilities, would result in a memory corruption and,

potentially, execution of arbitrary code, a denial of service, or an

application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240,

CVE-2015-8897, CVE-2015-8898)

 

4. Solution:

 

For details on how to apply this update, which includes the changes

described in this advisory, refer to:

 

https://access.redhat.com/articles/11258

 

5. Bugs fixed (https://bugzilla.redhat.com/):

 

1269553 - CVE-2015-8895 ImageMagick: Integer and buffer overflow in coders/icon.c

1269562 - CVE-2015-8896 ImageMagick: Integer truncation vulnerability in coders/pict.c

1333417 - CVE-2016-5240 ImageMagick: SVG converting issue resulting in DoS

1334188 - CVE-2016-5239 ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection

1340814 - CVE-2016-5118 ImageMagick: Remote code execution via filename

1344264 - CVE-2015-8898 ImageMagick: Prevent NULL pointer access in magick/constitute.c

1344271 - CVE-2015-8897 ImageMagick: Crash due to out of bounds error in SpliceImage

 

6. Package List:

 

Red Hat Enterprise Linux HPC Node Optional (v. 6):

 

Source:

ImageMagick-6.7.2.7-5.el6_8.src.rpm

 

x86_64:

ImageMagick-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm

 

Red Hat Enterprise Linux Server (v. 6):

 

Source:

ImageMagick-6.7.2.7-5.el6_8.src.rpm

 

i386:

ImageMagick-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

 

ppc64:

ImageMagick-6.7.2.7-5.el6_8.ppc.rpm

ImageMagick-6.7.2.7-5.el6_8.ppc64.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.ppc64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.ppc.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.ppc64.rpm

 

s390x:

ImageMagick-6.7.2.7-5.el6_8.s390.rpm

ImageMagick-6.7.2.7-5.el6_8.s390x.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.s390.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.s390x.rpm

 

x86_64:

ImageMagick-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm

 

Red Hat Enterprise Linux Server Optional (v. 6):

 

i386:

ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.i686.rpm

 

ppc64:

ImageMagick-c++-6.7.2.7-5.el6_8.ppc.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.ppc.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.ppc64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.ppc.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.ppc64.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.ppc.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.ppc64.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.ppc64.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.ppc64.rpm

 

s390x:

ImageMagick-c++-6.7.2.7-5.el6_8.s390.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.s390x.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.s390.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.s390x.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.s390.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.s390x.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.s390.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.s390x.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.s390x.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.s390x.rpm

 

x86_64:

ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm

 

Red Hat Enterprise Linux Workstation (v. 6):

 

Source:

ImageMagick-6.7.2.7-5.el6_8.src.rpm

 

i386:

ImageMagick-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

 

x86_64:

ImageMagick-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-c++-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm

 

Red Hat Enterprise Linux Workstation Optional (v. 6):

 

i386:

ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.i686.rpm

 

x86_64:

ImageMagick-c++-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-c++-devel-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-debuginfo-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.i686.rpm

ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm

ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm

 

Red Hat Enterprise Linux Client (v. 7):

 

Source:

ImageMagick-6.7.8.9-15.el7_2.src.rpm

 

x86_64:

ImageMagick-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

 

Red Hat Enterprise Linux Client Optional (v. 7):

 

x86_64:

ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

 

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

 

Source:

ImageMagick-6.7.8.9-15.el7_2.src.rpm

 

x86_64:

ImageMagick-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

 

Red Hat Enterprise Linux Server (v. 7):

 

Source:

ImageMagick-6.7.8.9-15.el7_2.src.rpm

 

ppc64:

ImageMagick-6.7.8.9-15.el7_2.ppc.rpm

ImageMagick-6.7.8.9-15.el7_2.ppc64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.ppc.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.ppc64.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.ppc64.rpm

 

ppc64le:

ImageMagick-6.7.8.9-15.el7_2.ppc64le.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.ppc64le.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.ppc64le.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.ppc64le.rpm

 

s390x:

ImageMagick-6.7.8.9-15.el7_2.s390.rpm

ImageMagick-6.7.8.9-15.el7_2.s390x.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.s390.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.s390x.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.s390x.rpm

 

x86_64:

ImageMagick-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

 

Red Hat Enterprise Linux Server Optional (v. 7):

 

ppc64:

ImageMagick-c++-6.7.8.9-15.el7_2.ppc.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.ppc64.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.ppc.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.ppc64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.ppc.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.ppc64.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.ppc.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.ppc64.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.ppc64.rpm

 

ppc64le:

ImageMagick-c++-devel-6.7.8.9-15.el7_2.ppc64le.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.ppc64le.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.ppc64le.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.ppc64le.rpm

 

s390x:

ImageMagick-c++-6.7.8.9-15.el7_2.s390.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.s390x.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.s390.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.s390x.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.s390.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.s390x.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.s390.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.s390x.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.s390x.rpm

 

x86_64:

ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm

 

Red Hat Enterprise Linux Workstation (v. 7):

 

Source:

ImageMagick-6.7.8.9-15.el7_2.src.rpm

 

x86_64:

ImageMagick-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-perl-6.7.8.9-15.el7_2.x86_64.rpm

 

Red Hat Enterprise Linux Workstation Optional (v. 7):

 

x86_64:

ImageMagick-c++-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-c++-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-debuginfo-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.i686.rpm

ImageMagick-devel-6.7.8.9-15.el7_2.x86_64.rpm

ImageMagick-doc-6.7.8.9-15.el7_2.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://access.redhat.com/security/team/key/

 

7. References:

 

https://access.redhat.com/security/cve/CVE-2015-8895

https://access.redhat.com/security/cve/CVE-2015-8896

https://access.redhat.com/security/cve/CVE-2015-8897

https://access.redhat.com/security/cve/CVE-2015-8898

https://access.redhat.com/security/cve/CVE-2016-5118

https://access.redhat.com/security/cve/CVE-2016-5239

https://access.redhat.com/security/cve/CVE-2016-5240

https://access.redhat.com/security/updates/classification/#important

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://access.redhat.com/security/team/contact/

 

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

 

iD8DBQFXYyy5XlSAg2UNWIIRAnE9AJ9sMQSWCBGAv8dfTao42DPl+Z7CYgCfefuw

cXtnX7Koy5K61nZodyFedH4=

=qUqC

-----END PGP SIGNATURE-----

 

--

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×