[CentOS] ImageMagick security alert

Wed May 4 07:24:01 UTC 2016
Nux! <nux at li.nux.ro>



As a workaround, the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, EPHEMERAL and MSL commands within image files; simply add the following lines:

<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />

within the policy map stanza:


Sent from the Delta quadrant using Borg technology!


----- Original Message -----
> From: "Alice Wonder" <alice at domblogger.net>
> To: "CentOS mailing list" <centos at centos.org>
> Sent: Tuesday, 3 May, 2016 22:29:19
> Subject: [CentOS] ImageMagick security alert

> https://imagetragick.com/
> As CentOS is often used for web servers, I thought this should be posted
> here.
> Bug in ImageMagick allows remote exploit.
> AFAIK no patch exists yet but defense against the exploit is detailed at
> the link.
> CVE-2016-3714
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
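
A check that the workaround in the reply above is actually in effect, as an added example that is not part of the original thread: it parses a policy file and lists which of the four coders are still not denied, so a line left inside an XML comment or forgotten altogether is reported. The function name, the sample policies and the use of fnmatch to approximate ImageMagick's pattern matching are assumptions of this example.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

REQUIRED = ("EPHEMERAL", "HTTPS", "MVG", "MSL")  # coders named in the workaround

# Constructed sample: two lines applied, HTTPS left commented out, MSL missing.
SAMPLE_PARTIAL = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->
  <policy domain="coder" rights="none" pattern="MVG" />
</policymap>"""

# Constructed sample: all four lines from the message in place.
SAMPLE_FIXED = "<policymap>\n" + "".join(
    '  <policy domain="coder" rights="none" pattern="%s" />\n' % c
    for c in REQUIRED) + "</policymap>"

def unblocked_coders(policy_xml, required=REQUIRED):
    """Return the coders in `required` that the policy text does not deny."""
    root = ET.fromstring(policy_xml)  # XML comments are dropped by the parser
    if root.tag != "policymap":
        raise ValueError("expected <policymap> root, found <%s>" % root.tag)
    unblocked = []
    for coder in required:
        denied = granted = False
        for pol in root.iter("policy"):
            if pol.get("domain", "").lower() != "coder":
                continue
            # Assumption: fnmatch globbing approximates ImageMagick's matcher.
            if not fnmatch.fnmatchcase(coder, pol.get("pattern", "")):
                continue
            if pol.get("rights", "").strip().lower() == "none":
                denied = True
            else:
                granted = True  # conservative: any grant counts as unblocked
        if granted or not denied:
            unblocked.append(coder)
    return unblocked

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ImageMagick/policy.xml"
    with open(path, "rb") as fh:
        left = unblocked_coders(fh.read())
    print("unblocked coders:", ", ".join(left) if left else "none")
    sys.exit(1 if left else 0)
```

Run without arguments it reads /etc/ImageMagick/policy.xml and exits non-zero if any of the four coders is still allowed, which makes it usable from a configuration-management or monitoring check.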