CloudLinux - CloudLinux Blog - ImageMagick Filtering Vulnerability - CVE-2016-3714
CloudLinux OS Blog
Font size: +
Subscribe to this entry Unsubscribe
Print

ImageMagick Filtering Vulnerability - CVE-2016-3714

CloudLinux OS Blog
6192 Hits
2 Comments
ImageMagick Filtering Vulnerability - CVE-2016-3714

A critical vulnerability was found in ImageMagick which allows remote code to be executed during the conversion of several file formats. There is no proper fix for this other then disabling processing vulnerable commands within image files.

We are preparing imagemagick packages with those policies configured however you may fix it yourself editing few files:

/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
/etc/ImageMagick/policy.xml

Add the following lines in the section:


...







Then execute:

cagefsctl --force-update

More information:

https://access.redhat.com/security/vulnerabilities/2296071
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3714

Tweet
0
Ubuntu LTS 16.04 includes livepatch - now what?
How to use a single key to register multiple Kerne...

About the author

Mykola Naugolnyi

Mykola Naugolnyi

Nikolay (Mykola) Naugolnyi is a Technical Writer at CloudLinux. He joined the company in 2014 and since then has been developing and maintaining technical product documentation for CloudLinux OS, KernelCare, and KuberDock products. He is also responsible for providing customers with release notes, information on all updates and functionality changes. He is one of the main contributors of the CloudLinux blog and a frequent participant in CloudLinux forums.

 

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/

Stay in touch

CloudLinux Facebook Facebook 9K+ followers CloudLinux Twitter Twitter 10K+ followers CloudLinux YouTube Channel YouTube official channel CloudLinux on LinkedIn LinkedIn Follow us

Products
Success Stories
Partners
Support
About Us
privacy shield certified
aicpa soc
pci-dss
eu gdpr compliant

© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Code of Ethics | Legal 

Call Sales at +1 (800) 231-7307

Email [email protected]

EU e-Privacy Directive

We use cookies to ensure you get the best experience using our website and services. Read more about it in our Privacy Policy. Please agree to the use of cookies to proceed. Alternatively, you may disable cookies in your browser at any time.

You have declined cookies. This decision can be reversed.

You have allowed cookies to be placed on your computer. This decision can be reversed.