This morning, the cPanel Security Team released information about the CVE-2016-3714 ImageMagick security issue (see https://forums.cpanel.net/threads/cp...magick.543031/ )
cPanel says to modify the policy.xml files at
/usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml
/etc/ImageMagick/policy.xml
However, I also see other policy.xml files on our server that runs CloudLinux / CageFS / PHP Selector, for example:
/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
/usr/local/etc/ImageMagick/policy.xml
/usr/local/share/doc/ImageMagick-6.8.2/www/source/policy.xml
/usr/local/src/lwbake/ImageMagick-6.8.1-0/config/policy.xml
/usr/local/src/lwbake/ImageMagick-6.8.1-0/www/source/policy.xml
/usr/local/src/plBake/ImageMagick-6.8.2-2/config/policy.xml
/usr/local/src/plBake/ImageMagick-6.8.2-2/www/source/policy.xml
/usr/share/cagefs-skeleton/opt/alt/alt-ImageMagick/etc/ImageMagick-6/policy.xml
/usr/share/cagefs-skeleton/opt/cloudlinux/lib/ImageMagick-6.5.4/config/policy.xml
/usr/share/cagefs-skeleton/usr/etc/ImageMagick/policy.xml
/usr/share/cagefs-skeleton/usr/local/etc/ImageMagick/policy.xml
/usr/share/doc/ImageMagick-6.7.1/www/source/policy.xml
I realize some of these are not related to CloudLinux. Still, does CloudLinux have an official mitigation process for the CVE-2016-3714 ImageMagick security issue?
Thanks!
- Scott
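
An added example, not part of the original post and not cPanel or CloudLinux tooling: a shell audit that reports which of the policy.xml files found on a server lack the coder restrictions. The coder names (EPHEMERAL, URL, HTTPS, MVG, MSL) come from the public CVE-2016-3714 advisory rather than from this thread, and the script name audit.sh is hypothetical.

```shell
#!/usr/bin/env bash
# Audit policy.xml files for the CVE-2016-3714 coder restrictions.
# The coder list is from the public ImageTragick advisory, not from this thread.
CODERS="EPHEMERAL URL HTTPS MVG MSL"

# Print FILE with XML comments removed, so commented-out samples do not count.
strip_comments() {
    awk 'BEGIN { RS = "\001" }
         { doc = $0
           while ((s = index(doc, "<!--")) > 0) {
               rest = substr(doc, s + 4); e = index(rest, "-->")
               doc = substr(doc, 1, s - 1) (e ? substr(rest, e + 3) : "")
           }
           printf "%s", doc }' "$1"
}

# Print the coders that FILE does not deny with rights="none" (empty = all denied).
# Exact pattern names only; a glob pattern covering several coders is not recognised.
missing_coders() {
    local elements coder missing=""
    # One XML element per line, attributes may appear in any order.
    elements=$(strip_comments "$1" | tr '\n' ' ' | tr '>' '\n' | grep '<policy' || true)
    for coder in $CODERS; do
        printf '%s\n' "$elements" | grep 'domain="coder"' | grep 'rights="none"' \
            | grep -q "pattern=\"$coder\"" || missing="$missing $coder"
    done
    printf '%s' "${missing# }"
}

# Report one line per file; return 1 if any file lacks a restriction.
audit_policies() {
    local file missing rc=0
    for file in "$@"; do
        missing=$(missing_coders "$file")
        if [ -z "$missing" ]; then echo "OK       $file"
        else echo "MISSING  $file: $missing"; rc=1; fi
    done
    return "$rc"
}

# Usage (audit.sh is a hypothetical name for this script):
#   find / -name policy.xml -path '*ImageMagick*' -exec ./audit.sh {} +
if [ "$#" -gt 0 ]; then audit_policies "$@"; fi
```

Copies under documentation and source trees (such as the `www/source` and `/usr/local/src` paths in the list above) will show up in the report too; which of them a given ImageMagick binary actually reads can be checked with `identify -list policy`.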