Skip to main content

Posts

Showing posts from May 6, 2016

ImageMagick Interim Fix

A vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users. According to developer and security researcher Ryan Huber, ImageMagick suffers from a vulnerability that allows malformed images to force a Web server to execute code of an attacker's choosing. Websites that use ImageMagick and allow users to upload images are at risk of attacks that could completely compromise their security.

Update your /etc/ImageMagick/policy.xml file so that it contains the code taken from http://imagetragick.com  and restart corresponding daemons.

You're safe now. The full fix is still being worked out.

And if you have the old version of ImageMagick (because you are on CentOS 5, for example) …