漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-5240: 1333417: CVE-2016-5240 ImageMagick: SVG converting issue resulting in DoS CVE-2016-5239: 1334188: CVE-2016-5239 ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. CVE-2016-5118: 1340814: CVE-2016-5118 ImageMagick: Remote code execution via filename It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. CVE-2015-8898: 1344264: CVE-2015-8898 ImageMagick: Prevent NULL pointer access in magick/constitute.c CVE-2015-8897: 1344271: CVE-2015-8897 ImageMagick: Crash due to out of bounds error in SpliceImage CVE-2015-8896: 1269562: CVE-2015-8896 ImageMagick: Integer truncation vulnerability in coders/pict.c CVE-2015-8895: 1269553: CVE-2015-8895 ImageMagick: Integer and buffer overflow in coders/icon.c
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Administrators are advised to apply the appropriate software updates.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论