On May 3rd a serious 0-day vulnerability (CVE-2016-3714) in the image processing software ImageMagick was disclosed. An attacker who triggers it can execute arbitrary commands, and from there steal sensitive data and take control of the server.
Details: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
The vulnerability is fixed in 6.9.3-10, 7.0.1-1 and later. Below is how to upgrade an earlier OneinStack or lnmp one-click installer deployment to close it (the current OneinStack download already ships the upgraded version and is not affected). Steps (updated 2016-05-31 to 6.9.4-5):
```bash
cd /root/oneinstack   # enter the oneinstack tool directory
#cd /root/lnmp        # use this instead if you installed with lnmp
tmux                  # run inside tmux so a dropped connection does not interrupt the upgrade
wget http://mirrors.linuxeye.com/scripts/update_ImageMagick.sh   # download the upgrade script
chmod +x update_ImageMagick.sh                                   # make it executable
./update_ImageMagick.sh   # upgrade; note: do NOT run it as "sh update_ImageMagick.sh" or "bash update_ImageMagick.sh"
```
The following screenshot shows a successful upgrade:
The script (update_ImageMagick.sh) is as follows:
```bash
#!/bin/bash
# Author: yeho <lj2007331 AT gmail.com>
# BLOG: https://linuxeye.com
#
# Notes: OneinStack for CentOS/RedHat 5+ Debian 6+ and Ubuntu 12+
#
# Project home page:
# http://oneinstack.com
# https://github.com/lj2007331/oneinstack

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear
printf "
#######################################################################
#       OneinStack for CentOS/RedHat 5+ Debian 6+ and Ubuntu 12+      #
#                   upgrade ImageMagick for OneinStack                #
#       For more information please visit http://oneinstack.com       #
#######################################################################
"
# These are relative paths: the script must be run from the oneinstack directory.
. ./options.conf
. ./include/color.sh
. ./include/download.sh

ImageMagick_version=6.9.4-1
imagick_version=3.4.1

if [ -e "/usr/local/imagemagick/bin/convert" ];then
  OLD_ImageMagick_version=`/usr/local/imagemagick/bin/Magick-config --version | awk '{print $1}'`
else
  echo "${CWARNING}ImageMagick is not installed, nothing to upgrade! ${CEND}"
  exit 1
fi

# Disable the PHP imagick extension, reload PHP, and move the old install
# aside as a timestamped backup.
Stop_ImageMagick() {
  if [ -e "$php_install_dir/etc/php.d/ext-imagick.ini" ];then
    /bin/mv $php_install_dir/etc/php.d/ext-imagick.ini{,_bk}
  elif [ ! -e "$php_install_dir/etc/php.d/ext-imagick.ini" -a -n "`grep imagick.so $php_install_dir/etc/php.ini`" ];then
    sed -i 's@extension.*imagick.so.*@;&@' $php_install_dir/etc/php.ini
  fi
  [ -e "$apache_install_dir/conf/httpd.conf" ] && service httpd restart || service php-fpm restart
  /bin/mv /usr/local/imagemagick{,_`date +"%Y%m%d_%H%M%S"`}
}

# Re-enable the PHP imagick extension and reload PHP.
Start_ImageMagick() {
  if [ -e "$php_install_dir/etc/php.d/ext-imagick.ini_bk" ];then
    /bin/mv $php_install_dir/etc/php.d/ext-imagick.ini{_bk,}
  elif [ ! -e "$php_install_dir/etc/php.d/ext-imagick.ini" -a -n "`grep imagick.so $php_install_dir/etc/php.ini`" ];then
    # Use $php_install_dir here as well, not a hard-coded /usr/local/php path.
    sed -i 's@;extension.*imagick.so.*@extension=imagick.so@' $php_install_dir/etc/php.ini
  fi
  [ -e "$apache_install_dir/conf/httpd.conf" ] && service httpd restart || service php-fpm restart
}

# Verify that the freshly installed convert reports the target version.
Check_ImageMagick() {
  if [ -n "`/usr/local/imagemagick/bin/convert -version | grep "$ImageMagick_version"`" ];then
    echo "You have ${CMSG}successfully${CEND} upgraded from ${CWARNING}$OLD_ImageMagick_version${CEND} to ${CWARNING}$ImageMagick_version${CEND}"
  else
    echo "${CWARNING}ImageMagick upgrade failed! ${CEND}"
  fi
}

# Build and install the new ImageMagick from source into /usr/local/imagemagick.
Install_ImageMagick() {
  cd $oneinstack_dir/src
  src_url=http://mirrors.linuxeye.com/oneinstack/src/ImageMagick-$ImageMagick_version.tar.gz && Download_src
  tar xzf ImageMagick-$ImageMagick_version.tar.gz
  cd ImageMagick-$ImageMagick_version
  ./configure --prefix=/usr/local/imagemagick --enable-shared --enable-static
  make && make install
  cd ..
  rm -rf ImageMagick-$ImageMagick_version
  cd ..
}

# Rebuild the PHP imagick extension against the new library
# (imagick 3.3.0 is used for PHP 5.3, which the newer extension no longer supports).
Install_php-imagick() {
  cd $oneinstack_dir/src
  if [ -e "$php_install_dir/bin/phpize" ];then
    if [ "`$php_install_dir/bin/php -r 'echo PHP_VERSION;' | awk -F. '{print $1"."$2}'`" == '5.3' ];then
      imagick_src=imagick-3.3.0
    else
      imagick_src=imagick-$imagick_version
    fi
    src_url=http://mirrors.linuxeye.com/oneinstack/src/$imagick_src.tgz && Download_src
    tar xzf $imagick_src.tgz
    cd $imagick_src
    make clean
    export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
    $php_install_dir/bin/phpize
    ./configure --with-php-config=$php_install_dir/bin/php-config --with-imagick=/usr/local/imagemagick
    make && make install
    cd ..
    # Remove whichever source tree was actually unpacked
    # (the original always removed imagick-$imagick_version, leaving imagick-3.3.0 behind on PHP 5.3).
    rm -rf $imagick_src
  fi
  cd ..
}

Stop_ImageMagick
Install_ImageMagick
Install_php-imagick
Start_ImageMagick
Check_ImageMagick
```
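The script's Check_ImageMagick only greps for the exact target version, which tells you whether this upgrade ran, not whether an arbitrary installed build is still affected. As an added example, not part of the original post or of the OneinStack project, the POSIX shell functions below compare an ImageMagick version against the fixed releases the post names (6.9.3-10 for the 6.x line, 7.0.1-1 for the 7.x line), extract the version from `convert -version` output, and report on the OneinStack install path used above. The function names, the default path argument and the sample `convert -version` line are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original post or of OneinStack.
# Decides whether an ImageMagick version still predates the CVE-2016-3714
# fixes named in the post: 6.9.3-10 (6.x line) and 7.0.1-1 (7.x line).

# im_version_cmp A B: compare two versions of the form MAJOR.MINOR.PATCH-REL
# field by field as integers; prints -1, 0 or 1.
im_version_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "[.-]"); m = split(b, y, "[.-]")
    for (i = 1; i <= 4; i++) {
      xv = (i <= n) ? x[i] + 0 : 0
      yv = (i <= m) ? y[i] + 0 : 0
      if (xv < yv) { print -1; exit }
      if (xv > yv) { print 1; exit }
    }
    print 0
  }'
}

# im_vulnerable VERSION: exit 0 if VERSION is older than the fix for its
# major line, 1 if it is at or above the fixed release.
im_vulnerable() {
  case "$1" in
    7.*) [ "$(im_version_cmp "$1" 7.0.1-1)" -lt 0 ] ;;
    *)   [ "$(im_version_cmp "$1" 6.9.3-10)" -lt 0 ] ;;
  esac
}

# im_version_from_output TEXT: pull the version out of "convert -version"
# output, whose first line looks like (constructed sample):
#   Version: ImageMagick 6.9.4-1 Q16 x86_64 2016-05-10 http://www.imagemagick.org
im_version_from_output() {
  printf '%s\n' "$1" | awk '/^Version: ImageMagick/ { print $3; exit }'
}

# im_check_installed [PATH]: report on the convert binary at PATH (default:
# the OneinStack location used in the post). Exit status: 0 patched,
# 1 vulnerable, 2 not installed.
im_check_installed() {
  bin=${1:-/usr/local/imagemagick/bin/convert}
  if [ ! -x "$bin" ]; then
    echo "ImageMagick not found at $bin (nothing to upgrade)"
    return 2
  fi
  v=$(im_version_from_output "$("$bin" -version)")
  if im_vulnerable "$v"; then
    echo "ImageMagick $v is older than the fixed release: upgrade"
    return 1
  fi
  echo "ImageMagick $v is at or above the fixed release"
  return 0
}
```

Source the file and call `im_check_installed`, or append `im_check_installed "$@"` to run it directly; the three distinct exit codes make it easy to drive from a cron job or a configuration-management check across many hosts. Note that the comparison covers only the release numbers: a distribution package that backports the fix without bumping the version would be reported as vulnerable.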
Tue May 10 21:51:18 CST 2016
1F
I don't have any upload endpoint, but upgrading anyway →_→
2F
This deserves support: I only made the suggestion recently and the script was published soon after. Great!
3F
Hi, after building a local LAMP environment with oneinstack and installing the ownCloud app, clicking Finish on the last step automatically redirects to a localhost address instead of the correct IP address or domain name. In the end I used another user's LAMP package, http://lamp.sh is his site, you can take a look. I prefer the environment package you made, but it always redirects to localhost when installing ownCloud; WordPress works fine, and ownCloud installs normally with that other user's package.
B1
@ yuxuan How can I take a look at this?
B2
@ yeho Hi, I've replied to you by email, please check.
4F
How do I check the ImageMagick version, or whether ImageMagick is installed at all?
B1
@ 小z /usr/local/imagemagick/bin/Magick-config --version
Also check whether /usr/local/php/etc/php.d/ext-imagick.ini exists
B2
@ yeho I don't have that file, so I must not have it installed and am not affected by the vulnerability. Thanks for the reply.
B2
@ yeho It should be /usr/local/imagemagick/bin/Magick-config with two dashes before version (your comment gets transcoded...).
Also, /usr/local/php/etc/php.d/ext-imagick.ini is not necessarily present.
5F
Not installed here, just passing by~~
6F
ImageMagick has another vulnerability; is this script still effective?
B1
@ 天天 Yes, it is.