On May 3, a serious 0-day vulnerability (CVE-2016-3714) was disclosed in the image processing software ImageMagick. Attackers can use it to execute arbitrary commands, and ultimately steal important information and gain control of the server.
For more information, see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
This vulnerability has been fixed in versions 6.9.3-10, 7.0.1-1, and later. For earlier installations made with the OneinStack or lnmp one-click installation package (the latest OneinStack download has already been upgraded by default and does not have this vulnerability), here is how to fix the vulnerability by upgrading (to 6.9.4-5):
cd /root/oneinstack # enter the oneinstack tool directory
# cd /root/lnmp # if lnmp was used for the installation
tmux # start a tmux session so a dropped network connection does not interrupt the upgrade
wget http://mirrors.linuxeye.com/scripts/update_ImageMagick.sh # download the upgrade script (served over plain HTTP; read it before running)
chmod +x update_ImageMagick.sh # make the script executable
./update_ImageMagick.sh # upgrade. Note: do not run the script as "sh update_ImageMagick.sh" or "bash update_ImageMagick.sh".
As shown in the following figure, the upgrade is successful:
The script content is as follows (update_ImageMagick.sh):
#!/bin/bash
# Author: yeho <lj2007331 AT gmail.com>
#
# Notes: OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+
#
# Project home page:
#       http://oneinstack.com
#       https://github.com/lj2007331/oneinstack

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear
printf "
#######################################################################
#       OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+      #
#       Upgrade ImageMagick for OneinStack                            #
#       For more information please visit http://oneinstack.com       #
#######################################################################
"

# Load the OneinStack settings and helpers (install paths, colours, Download_src)
. ./options.conf
. ./include/color.sh
. ./include/download.sh

ImageMagick_version=6.9.4-1
imagick_version=3.4.1

# Record the currently installed version, or stop if ImageMagick is not installed
if [ -e "/usr/local/imagemagick/bin/convert" ]; then
    OLD_ImageMagick_version=$(/usr/local/imagemagick/bin/Magick-config --version | awk '{print $1}')
else
    echo "${CWARNING}You do not have to install Imagemagick! ${CEND}"
    exit 1
fi

# Disable the PHP imagick extension, restart the web stack, and move the old install aside
Stop_ImageMagick() {
    if [ -e "$php_install_dir/etc/php.d/ext-imagick.ini" ]; then
        /bin/mv $php_install_dir/etc/php.d/ext-imagick.ini{,_bk}
    elif [ ! -e "$php_install_dir/etc/php.d/ext-imagick.ini" -a -n "$(grep imagick.so $php_install_dir/etc/php.ini)" ]; then
        sed -i 's@extension.*imagick.so.*@;&@' $php_install_dir/etc/php.ini
    fi
    [ -e "$apache_install_dir/conf/httpd.conf" ] && service httpd restart || service php-fpm restart
    /bin/mv /usr/local/imagemagick{,_$(date +"%Y%m%d_%H%M%S")}
}

# Re-enable the PHP imagick extension and restart the web stack
Start_ImageMagick() {
    if [ -e "$php_install_dir/etc/php.d/ext-imagick.ini_bk" ]; then
        /bin/mv $php_install_dir/etc/php.d/ext-imagick.ini{_bk,}
    elif [ ! -e "$php_install_dir/etc/php.d/ext-imagick.ini" -a -n "$(grep imagick.so $php_install_dir/etc/php.ini)" ]; then
        # Edit the same php.ini that the test above inspected
        sed -i 's@;extension.*imagick.so.*@extension=imagick.so@' $php_install_dir/etc/php.ini
    fi
    [ -e "$apache_install_dir/conf/httpd.conf" ] && service httpd restart || service php-fpm restart
}

# Confirm that the installed convert binary reports the target version
Check_ImageMagick() {
    if [ -n "$(/usr/local/imagemagick/bin/convert -version | grep "$ImageMagick_version")" ]; then
        echo "You have ${CMSG}successfully${CEND} upgrade from ${CWARNING}$OLD_ImageMagick_version${CEND} to ${CWARNING}$ImageMagick_version${CEND}"
    else
        echo "${CWARNING}Imagemagick upgrade failed! ${CEND}"
    fi
}

# Download (over plain HTTP), build and install ImageMagick under /usr/local/imagemagick
Install_ImageMagick() {
    cd $oneinstack_dir/src
    src_url=http://mirrors.linuxeye.com/oneinstack/src/ImageMagick-$ImageMagick_version.tar.gz && Download_src
    tar xzf ImageMagick-$ImageMagick_version.tar.gz
    cd ImageMagick-$ImageMagick_version
    ./configure --prefix=/usr/local/imagemagick --enable-shared --enable-static
    make && make install
    cd ..
    rm -rf ImageMagick-$ImageMagick_version
    cd ..
}

# Rebuild the PHP imagick extension against the new ImageMagick (imagick 3.3.0 for PHP 5.3)
Install_php-imagick() {
    cd $oneinstack_dir/src
    if [ -e "$php_install_dir/bin/phpize" ]; then
        if [ "$($php_install_dir/bin/php -r 'echo PHP_VERSION;' | awk -F. '{print $1"."$2}')" = '5.3' ]; then
            src_url=http://mirrors.linuxeye.com/oneinstack/src/imagick-3.3.0.tgz && Download_src
            tar xzf imagick-3.3.0.tgz
            cd imagick-3.3.0
        else
            src_url=http://mirrors.linuxeye.com/oneinstack/src/imagick-$imagick_version.tgz && Download_src
            tar xzf imagick-$imagick_version.tgz
            cd imagick-$imagick_version
        fi
        make clean
        export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
        $php_install_dir/bin/phpize
        ./configure --with-php-config=$php_install_dir/bin/php-config --with-imagick=/usr/local/imagemagick
        make && make install
        cd ..
        rm -rf imagick-$imagick_version
    fi
    cd ..
}

Stop_ImageMagick
Install_ImageMagick
Install_php-imagick
Start_ImageMagick
Check_ImageMagick
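A version check to go with the upgrade, as an added example that is not part of the original article or of OneinStack: it parses the convert -version banner and compares it with the fixed releases named above (6.9.3-10 on the 6.x line, 7.0.1-1 on the 7.x line). The function names and the sample banners are constructed for illustration; the convert path is the one the upgrade script installs to.

```shell
#!/bin/sh
# Added example, not part of update_ImageMagick.sh.
# Floors are the fixed releases the article names for CVE-2016-3714.
FIXED_6="6.9.3-10"
FIXED_7="7.0.1-1"

# Print the X.Y.Z-P version found in a `convert -version` banner (or nothing).
im_parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*ImageMagick \([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}-[0-9]\{1,\}\).*/\1/p' |
        head -n 1
}

# Succeed if version $1 >= $2. Fields are compared as numbers, so 6.9.3-10
# ranks above 6.9.3-9 (a plain string comparison gets that wrong).
im_version_ge() {
    set -- $(printf '%s %s\n' "$1" "$2" | tr '.-' '  ')
    [ "$#" -eq 8 ] || return 2
    [ "$1" -ne "$5" ] && { [ "$1" -gt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -gt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -gt "$7" ]; return; }
    [ "$4" -ge "$8" ]
}

# Print "fixed", "unpatched" or "unknown" for a banner line.
# Version-only: a distro package with a backported fix still reads "unpatched".
im_cve_2016_3714_status() {
    v=$(im_parse_version "$1")
    case "$v" in
        6.*) floor=$FIXED_6 ;;
        7.*) floor=$FIXED_7 ;;
        *)   echo unknown; return 0 ;;
    esac
    if im_version_ge "$v" "$floor"; then echo fixed; else echo unpatched; fi
}

# Constructed sample banners, then the live binary at the OneinStack path.
for banner in \
    "Version: ImageMagick 6.9.3-9 Q16 x86_64 2016-04-20 http://www.imagemagick.org" \
    "Version: ImageMagick 6.9.4-1 Q16 x86_64 2016-05-10 http://www.imagemagick.org" \
    "Version: ImageMagick 7.0.1-0 Q16 x86_64 2016-05-01 http://www.imagemagick.org"
do
    echo "$(im_parse_version "$banner"): $(im_cve_2016_3714_status "$banner")"
done
convert_bin=/usr/local/imagemagick/bin/convert
if [ -x "$convert_bin" ]; then
    echo "installed: $(im_cve_2016_3714_status "$("$convert_bin" -version | head -n 1)")"
fi
```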