Security: Multiple issues in ImageMagick
Name: Multiple issues in ImageMagick
ID: USN-2990-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10, Ubuntu 16.04 LTS
Date: Thu, June 2, 2016, 15:27
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
Applications: ImageMagick

Original message
==========================================================================
Ubuntu Security Notice USN-2990-1
June 02, 2016

imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718)
Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  imagemagick               8:6.8.9.9-7ubuntu5.1
  imagemagick-6.q16         8:6.8.9.9-7ubuntu5.1
  imagemagick-common        8:6.8.9.9-7ubuntu5.1
  libmagick++-6.q16-5v5     8:6.8.9.9-7ubuntu5.1
  libmagickcore-6.q16-2     8:6.8.9.9-7ubuntu5.1

Ubuntu 15.10:
  imagemagick               8:6.8.9.9-5ubuntu2.1
  imagemagick-6.q16         8:6.8.9.9-5ubuntu2.1
  imagemagick-common        8:6.8.9.9-5ubuntu2.1
  libmagick++-6.q16-5v5     8:6.8.9.9-5ubuntu2.1
  libmagickcore-6.q16-2     8:6.8.9.9-5ubuntu2.1

Ubuntu 14.04 LTS:
  imagemagick               8:6.7.7.10-6ubuntu3.1
  imagemagick-common        8:6.7.7.10-6ubuntu3.1
  libmagick++5              8:6.7.7.10-6ubuntu3.1
  libmagickcore5            8:6.7.7.10-6ubuntu3.1

Ubuntu 12.04 LTS:
  imagemagick               8:6.6.9.7-5ubuntu3.4
  imagemagick-common        8:6.6.9.7-5ubuntu3.4
  libmagick++4              8:6.6.9.7-5ubuntu3.4
  libmagickcore4            8:6.6.9.7-5ubuntu3.4

In general, a standard system update will make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-2990-1
  CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718, CVE-2016-5118

Package Information:
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.1
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-5ubuntu2.1
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.1
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.6.9.7-5ubuntu3.4
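
The advisory says the update disables problematic coders through /etc/ImageMagick-6/policy.xml and that administrators may re-enable them by hand. The following Python script is an added example, not part of the Ubuntu notice or of ImageMagick, that reports which coders a given policy file leaves unblocked. It assumes the coder list from the upstream ImageTragick mitigation advice (the advisory does not name the coders) and a simplified evaluation model in which a later matching entry overrides an earlier one.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

# Assumption: coders named in the upstream ImageTragick mitigation advice;
# the advisory itself does not list which coders the update disables.
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")


def coder_rights(policy_xml, coder):
    """Return the effective rights string for a coder, or None if no rule matches.

    Simplified model (assumption): every <policy domain="coder"> entry whose
    glob pattern matches is applied in file order, so a later entry overrides
    an earlier one.
    """
    effective = None
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("domain", "").lower() != "coder":
            continue
        pattern = policy.get("pattern", "")
        if fnmatch.fnmatchcase(coder.upper(), pattern.upper()):
            effective = policy.get("rights", "").strip().lower()
    return effective


def unblocked_coders(policy_xml, coders=RISKY_CODERS):
    """List the coders that are not denied outright (rights other than "none")."""
    return [c for c in coders if coder_rights(policy_xml, c) != "none"]


# Constructed sample: a hardened policy in which MVG was later re-enabled
# for reading, the manual step the advisory says some environments need.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
  <policy domain="coder" rights="read" pattern="MVG"/>
</policymap>
"""

if __name__ == "__main__":
    # Pass a policy file path as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for name in unblocked_coders(text):
        print("coder not blocked:", name)
```

Run it with the path to the policy file as its only argument; any coder it prints should be reviewed against whether that host ever processes untrusted images.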