ALT Linux Team

Branch t7 update on 2016-05-22

2016-05-22

ALT-BU-2016-2782-1

Branch t7 update bulletin.

ALT-PU-2016-1525-1

Package ImageMagick updated to version 6.8.4.10-alt3.M70P.1 for branch t7 in task 164941.

Closed vulnerabilities

Published: 2016-05-05

BDU:2016-01146

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2016-05-05

BDU:2016-01573

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю удалить произвольные файлы

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
References:
Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (8.4) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2016-05-05
Modified: 2025-04-12

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:

ALT-PU-2016-1526-1

Package zabbix updated to version 3.0.3-alt0.M70P.1 for branch t7 in task 164941.

Closed vulnerabilities

Published: 2017-01-23
Modified: 2025-04-20

CVE-2016-4338

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top