Security ImageMagick vulnerabilities CVE-2016-3714 (imagetragick) active exploitation confirmed

Discussion in 'CentOS, Redhat & Oracle Linux News' started by Revenge, May 4, 2016.

  1. eva2000 (Administrator, Staff Member)
    probably because XenForo ain't exploitable: ImageMagick remote code execution (RCE) vulnerability | XenForo Community
  2. Revenge (Active Member)
    New version of ImageMagick.
    Code:
    6.9.4.1-1.el7
  3. eva2000 (Administrator, Staff Member)
    thanks. ImageMagick/ChangeLog at ImageMagick-6 · ImageMagick/ImageMagick · GitHub:
    Code (Text):
    2016-05-10  6.9.4-1 Cristy  <[email protected]>
      * Quote passwords when passed to a delegate program.
    
    2016-05-09  6.9.4-1 Cristy  <[email protected]>
      * Release ImageMagick version 6.9.4-1, GIT revision 10755:d540dda:20160509.
    
    2016-05-07  6.9.4-1 Cristy  <[email protected]>
      * Remove https delegate.
    
    2016-05-05  6.9.4-0 Cristy  <[email protected]>
      * Release ImageMagick version 6.9.4-0, GIT revision 10741:5746147:20160507.
    
    2016-05-04  6.9.4-0 Cristy  <[email protected]>
      * Check for buffer overflow in magick/draw.c/DrawStrokePolygon().
      * Replace show delegate title with image filename rather than label.
      * Fix GetNextToken() off by one error.
      * Remove support for internal ephemeral coder.
    
    2016-05-03  6.9.3-10 Cristy  <[email protected]>
      * New version 6.9.3-10, GIT revision 10723:9fc8a0c:20160503.
    
    2016-05-03  6.9.3-10 Cristy  <[email protected]>
      * Sanitize input filename for http / https delegates (improved patch).
      * Fix for possible security vulnerabilities (reference
        https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588).
    
    2016-04-30  6.9.3-9 Cristy  <[email protected]>
      * New version 6.9.3-9, GIT revision 10716:b527bce:20160430.
     
  4. pamamolf (Premium Member)
    Simple yum update for it?
     
  5. eva2000 (Administrator, Staff Member)
    yes

    for 123.08stable users, yum update + centmin.sh menu option 15 to recompile the imagick PHP extension
    Code (Text):
    yum -y update --enablerepo=remi --disableplugin=priorities
    

    for 123.09beta01 users, running centmin.sh menu option 15 does both the yum update and the imagick PHP extension recompile
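Two checks worth running once that update has gone through, as an added example written for this thread (not Centmin Mod's own code and not part of eva2000's post): first, whether the installed ImageMagick version is at or past the upstream fix release (6.9.3-10, the release the ChangeLog quoted above ties to the fix), and second, whether policy.xml actually disables the coders that ImageTragick abuses. The coder list is the mitigation published at imagetragick.com, which this thread does not itself quote, so treat it as an assumption brought in here; the script also assumes GNU sed/sort/grep as shipped on CentOS and that `convert -list policy` reports the loaded policy file on a `Path:` line. The sample policy files it writes are constructed for the demonstration, not copies of a distro file.

```shell
#!/bin/sh
# Added example for this thread, not Centmin Mod's or ImageMagick's own code.
# Assumptions: GNU sed/sort/grep (CentOS); upstream fix release 6.9.3-10 as
# per the ChangeLog quoted in this thread; coder blocklist from imagetragick.com.

IM_FIXED_VERSION="6.9.3-10"
IM_BLOCKED_CODERS="EPHEMERAL URL HTTPS MVG MSL TEXT SHOW WIN PLT"

# Turn "6.9.4.1-1.el7", "6.9.4-1" or "6.7.8.9-15.el7_2" into a dotted numeric
# string that `sort -V` orders correctly (dist tag dropped, '-' becomes '.').
im_norm() {
    printf '%s\n' "$1" | sed -e 's/\.el[0-9][0-9_.]*$//' -e 's/-/./g'
}

# im_version_fixed VERSION: succeed if VERSION >= IM_FIXED_VERSION.
# Caveat: a distro backport (RHEL/CentOS base repo) keeps an old version
# number while carrying the fix, so a failure here means "check the errata
# and the policy", not necessarily "vulnerable".
im_version_fixed() {
    have=$(im_norm "$1")
    want=$(im_norm "$IM_FIXED_VERSION")
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    [ "$lowest" = "$want" ]
}

# policy_active_rules FILE: print each <policy ... /> element that is not
# inside an XML comment. The stock policy.xml is mostly commented-out
# examples, so a plain grep would count rules that are not in force.
policy_active_rules() {
    tr '\n' ' ' < "$1" \
      | sed -e 's/<!--/\n<!--/g' -e 's/-->/-->\n/g' \
      | grep -v '^<!--' \
      | grep -Eo '<policy [^>]*/>' || true
}

# policy_missing_coders FILE: print the blocked coders FILE does not disable
# with rights="none" (empty output means every coder is covered).
policy_missing_coders() {
    rules=$(policy_active_rules "$1")
    missing=""
    for coder in $IM_BLOCKED_CODERS; do
        if ! printf '%s\n' "$rules" \
             | grep -Eq "domain=\"coder\"[^>]*rights=\"none\"[^>]*pattern=\"$coder\""; then
            missing="$missing $coder"
        fi
    done
    printf '%s\n' "${missing# }"
}

# write_sample_policy FILE MODE: constructed policy.xml, MODE = stock|hardened.
# "stock" mirrors the shape of a default file: only commented-out examples,
# which must NOT be counted as active rules.
write_sample_policy() {
    {
        echo '<policymap>'
        echo '  <!-- <policy domain="coder" rights="none" pattern="EPHEMERAL" /> -->'
        echo '  <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->'
        if [ "$2" = hardened ]; then
            for coder in $IM_BLOCKED_CODERS; do
                echo "  <policy domain=\"coder\" rights=\"none\" pattern=\"$coder\" />"
            done
        fi
        echo '</policymap>'
    } > "$1"
}

# im_check_host [RPMNAME]: run both checks against this box (needs rpm and
# convert). RPMNAME is ImageMagick (base repo) or e.g. ImageMagick6 (remi).
im_check_host() {
    pkg=${1:-ImageMagick}
    ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg") || return 1
    if im_version_fixed "$ver"; then
        echo "$pkg $ver: at or past upstream fix $IM_FIXED_VERSION"
    else
        echo "$pkg $ver: older than $IM_FIXED_VERSION; verify the vendor errata before trusting it"
    fi
    # Assumption: the first "Path:" line of `convert -list policy` is the system policy file.
    pol=$(convert -list policy 2>/dev/null | sed -n 's/^Path: //p' | head -n 1)
    [ -r "$pol" ] || { echo "no readable policy.xml found"; return 1; }
    missing=$(policy_missing_coders "$pol")
    if [ -n "$missing" ]; then
        echo "$pol does not disable: $missing"
        return 1
    fi
    echo "$pol disables all ImageTragick coders"
}

# Live run only when asked, e.g.: sh im-check.sh --live ImageMagick6
case "${1:-}" in
    --live) shift; im_check_host "$@" ;;
esac
```

The version check alone is not enough on CentOS: the base repo fixes CVEs by backporting into the existing 6.7.x package, so an old-looking version string can still be patched. That is why the script also reads the policy that is really in force, ignoring the commented-out examples the stock file ships with, and why `im_check_host` prints both results rather than collapsing them into one verdict.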
  6. eva2000 (Administrator, Staff Member)
    Interesting reading: ImageMagick calls into question responsible disclosure reporting