CVE-2016-3714 ImageMagick
  1. Scott Neader
  2. Wednesday, 04 May 2016
This morning, the cPanel Security Team released information about the CVE-2016-3714 ImageMagick security issue (see https://forums.cpanel.net/threads/cpanel-security-team-cve-2016-3714-imagemagick.543031/ )

cPanel says to modify the policy.xml files at

/usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml
/etc/ImageMagick/policy.xml

However, I also see other policy.xml files on our server that runs CloudLinux / CageFS / PHP Selector, for example:

/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
/usr/local/etc/ImageMagick/policy.xml
/usr/local/share/doc/ImageMagick-6.8.2/www/source/policy.xml
/usr/local/src/lwbake/ImageMagick-6.8.1-0/config/policy.xml
/usr/local/src/lwbake/ImageMagick-6.8.1-0/www/source/policy.xml
/usr/local/src/plBake/ImageMagick-6.8.2-2/config/policy.xml
/usr/local/src/plBake/ImageMagick-6.8.2-2/www/source/policy.xml
/usr/share/cagefs-skeleton/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
/usr/share/cagefs-skeleton/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
/usr/share/cagefs-skeleton/usr/etc/ImageMagick/policy.xml
/usr/share/cagefs-skeleton/usr/local/etc/ImageMagick/policy.xml
/usr/share/doc/ImageMagick-6.7.1/www/source/policy.xml

I realize some of these are not related to CloudLinux. Still, does CloudLinux have an official mitigation process for the CVE-2016-3714 ImageMagick security issue?

Thanks!

- Scott
  1. 04.05.2016 11:05:43
  2. # 1
Richard Hordern Accepted Answer
Posts: 219
Joined: 19.03.2011
We would also like to know exactly what files require an update on CloudLinux.
  1. 04.05.2016 15:05:01
  2. # 2
Scott Neader Accepted Answer
Posts: 89
Joined: 12.06.2014
I see they have posted the solution in their blog today:

https://cloudlinux.com/cloudlinux-os-blog/entry/imagemagick-filtering-vulnerability-cve-2016-3714

- Scott
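
An added example, not part of the original thread and not cPanel's or CloudLinux's own tooling: a Python check that can be pointed at each policy.xml path listed in the first post to report which copies still lack the coder restrictions. The coder list (EPHEMERAL, URL, HTTPS, MVG, MSL) is an assumption taken from the public ImageTragick advisory for CVE-2016-3714, and `missing_coders` and `audit` are hypothetical helper names.

```python
import sys
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Assumption: coder list taken from the public ImageTragick advisory for
# CVE-2016-3714; the thread itself does not quote the policy lines.
REQUIRED = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")


def missing_coders(policy_xml):
    """Return the REQUIRED coders that no rights="none" coder policy covers."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError:
        return set(REQUIRED)  # unparseable file: treat as unprotected
    patterns = [
        p.get("pattern", "").upper()
        for p in root.iter("policy")  # commented-out entries are not parsed
        if p.get("domain", "").lower() == "coder"
        and p.get("rights", "").lower() == "none"
    ]
    # fnmatch covers "*" and "?" globs only; later overriding entries are not modelled.
    return {c for c in REQUIRED if not any(fnmatchcase(c, pat) for pat in patterns)}


def audit(paths):
    """Map each policy.xml path to its sorted list of missing coders."""
    report = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                report[path] = sorted(missing_coders(fh.read()))
        except OSError as exc:
            report[path] = ["unreadable: %s" % exc.strerror]
    return report


# Constructed sample: a stock-style file whose only MVG entry is commented out.
SAMPLE_UNPATCHED = """<policymap>
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="resource" name="memory" value="256MiB"/>
</policymap>"""

if __name__ == "__main__":
    for path, missing in audit(sys.argv[1:]).items():
        print(path, "OK" if not missing else "MISSING " + ",".join(missing))
```

Because the file is parsed as XML rather than searched with grep, a policy line that exists only inside a comment is reported as missing.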