CVE-2016-3714 ImageMagick

  • CVE-2016-3714 ImageMagick

    This morning, the cPanel Security Team released information about the CVE-2016-3714 ImageMagick security issue (see https://forums.cpanel.net/threads/cp...magick.543031/).

    cPanel says to modify the policy.xml files at

    /usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml
    /etc/ImageMagick/policy.xml

    However, I also see other policy.xml files on our server that runs CloudLinux / CageFS / PHP Selector, for example:

    /opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
    /opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
    /usr/local/etc/ImageMagick/policy.xml
    /usr/local/share/doc/ImageMagick-6.8.2/www/source/policy.xml
    /usr/local/src/lwbake/ImageMagick-6.8.1-0/config/policy.xml
    /usr/local/src/lwbake/ImageMagick-6.8.1-0/www/source/policy.xml
    /usr/local/src/plBake/ImageMagick-6.8.2-2/config/policy.xml
    /usr/local/src/plBake/ImageMagick-6.8.2-2/www/source/policy.xml
    /usr/share/cagefs-skeleton/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
    /usr/share/cagefs-skeleton/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
    /usr/share/cagefs-skeleton/usr/etc/ImageMagick/policy.xml
    /usr/share/cagefs-skeleton/usr/local/etc/ImageMagick/policy.xml
    /usr/share/doc/ImageMagick-6.7.1/www/source/policy.xml

    I realize some of these are not related to CloudLinux. Still, does CloudLinux have an official mitigation process for the CVE-2016-3714 ImageMagick security issue?

    Thanks!

    - Scott
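
Added example, not part of the original post and not cPanel's or CloudLinux's own tooling: a small audit that parses each policy.xml given on the command line and reports which coders still lack a `rights="none"` entry. The coder list comes from the public CVE-2016-3714 mitigation advice, not from this page, and the function names and both sample documents are constructed for illustration.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

# Assumption: coders named in the public CVE-2016-3714 mitigation advice
# (this list does not appear on the page itself).
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

# Constructed sample: HTTPS missing, MVG commented out, MSL not set to "none".
SAMPLE_PARTIAL = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="coder" rights="read" pattern="MSL" />
</policymap>"""

# Constructed sample: every listed coder denied.
SAMPLE_PATCHED = "<policymap>%s</policymap>" % "".join(
    '<policy domain="coder" rights="none" pattern="%s" />' % c
    for c in RISKY_CODERS)


def unblocked_coders(policy_xml):
    """Return the listed coders that no rights="none" coder policy matches.

    Simplification: any matching deny entry counts as blocking; ImageMagick's
    own evaluation order and brace globs are not modelled. XML comments are
    skipped by the parser, so commented-out entries do not count.
    """
    root = ET.fromstring(policy_xml)
    denied = [p.get("pattern", "") for p in root.iter("policy")
              if p.get("domain", "").lower() == "coder"
              and p.get("rights", "").lower() == "none"]
    return [c for c in RISKY_CODERS
            if not any(fnmatch.fnmatchcase(c, pat) for pat in denied)]


def audit(paths):
    """Map each path to its list of unblocked coders, or to an error string."""
    report = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                report[path] = unblocked_coders(fh.read())
        except (OSError, ET.ParseError) as exc:
            report[path] = "unreadable: %s" % exc
    return report


if __name__ == "__main__":
    results = audit(sys.argv[1:])
    for path, result in results.items():
        print(path, "OK" if result == [] else result)
    sys.exit(0 if all(r == [] for r in results.values()) else 1)
```

Pass the policy.xml paths as arguments; the exit status is non-zero if any file is unreadable or leaves a listed coder unblocked.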

  • #2
    We would also like to know exactly what files require an update on CloudLinux.



    • #3
      I see they have posted the solution in their blog today:



      - Scott
