imagemagick

CentOS 6 / 7 : ImageMagick (CESA-2016:0726)安全漏洞修补

CentOS 6 / 7 : ImageMagick (CESA-2016:0726)安全漏洞修补
imagemagick

相关CVE编号:
CVE: CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718
如果直接升级可能会有报错:
Error unpacking rpm package ImageMagick-6.7.8.9-18.el7.x86_64
error: unpacking of archive failed on file /usr/bin/stream: cpio: rename
是因为文件系统保护导致,去掉i选项:
chattr -i /usr/bin/animate
chattr -i /usr/bin/compare
chattr -i /usr/bin/composite
chattr -i /usr/bin/conjure
chattr -i /usr/bin/convert
chattr -i /usr/bin/display
chattr -i /usr/bin/identify
chattr -i /usr/bin/import
chattr -i /usr/bin/mogrify
chattr -i /usr/bin/montage
chattr -i /usr/bin/stream
再升级:
yum -y update ImageMagick
升级完,记得加回去:
chattr +i /usr/bin/animate
chattr +i /usr/bin/compare
chattr +i /usr/bin/composite
chattr +i /usr/bin/conjure
chattr +i /usr/bin/convert
chattr +i /usr/bin/display
chattr +i /usr/bin/identify
chattr +i /usr/bin/import
chattr +i /usr/bin/mogrify
chattr +i /usr/bin/montage
chattr +i /usr/bin/stream

下面是过程:
# yum -y update ImageMagick
Loaded plugins: fastestmirror, langpacks, priorities
Loading mirror speeds from cached hostfile
5081 packages excluded due to repository priority protections
Resolving Dependencies
–> Running transaction check
—> Package ImageMagick.x86_64 0:6.7.8.9-10.el7 will be updated
—> Package ImageMagick.x86_64 0:6.7.8.9-18.el7 will be an update
–> Finished Dependency Resolution

Dependencies Resolved

==============================================================================
Package Arch Version Repository Size
==============================================================================
Updating:
ImageMagick x86_64 6.7.8.9-18.el7 ifengcdnbase 2.1 M

Transaction Summary
==============================================================================
Upgrade 1 Package

Total download size: 2.1 M
Downloading packages:
No Presto metadata available for ifengcdnbase
ImageMagick-6.7.8.9-18.el7.x86_64.rpm | 2.1 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : ImageMagick-6.7.8.9-18.el7.x86_64 1/2
/sbin/ldconfig: /lib/libwebp-imageio.so is not a symbolic link
/sbin/ldconfig: /lib64/libwebp-imageio.so is not a symbolic link
Cleanup : ImageMagick-6.7.8.9-10.el7.x86_64 2/2
/sbin/ldconfig: /lib/libwebp-imageio.so is not a symbolic link
/sbin/ldconfig: /lib64/libwebp-imageio.so is not a symbolic link
Verifying : ImageMagick-6.7.8.9-18.el7.x86_64 1/2
Verifying : ImageMagick-6.7.8.9-10.el7.x86_64 2/2
Updated:
ImageMagick.x86_64 0:6.7.8.9-18.el7

Complete!