CloudLinux - CloudLinux Blog - ImageMagick Filtering Vulnerability - CVE-2016-3714
CloudLinux OS Blog

ImageMagick Filtering Vulnerability - CVE-2016-3714

ImageMagick Filtering Vulnerability - CVE-2016-3714

A critical vulnerability was found in ImageMagick which allows remote code to be executed during the conversion of several file formats. There is no proper fix for this other then disabling processing vulnerable commands within image files.

We are preparing imagemagick packages with those policies configured however you may fix it yourself editing few files:

/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
/etc/ImageMagick/policy.xml

Add the following lines in the section:


...







Then execute:

cagefsctl --force-update

More information:

https://access.redhat.com/security/vulnerabilities/2296071
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3714

Ubuntu LTS 16.04 includes livepatch - now what?
How to use a single key to register multiple Kerne...
 

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/

EU e-Privacy Directive

We use cookies to ensure you get the best experience using our website and services. Read more about it in our Privacy Policy. Please agree to the use of cookies to proceed. Alternatively, you may disable cookies in your browser at any time.

You have declined cookies. This decision can be reversed.

You have allowed cookies to be placed on your computer. This decision can be reversed.