{"id":85,"date":"2016-05-11T05:43:21","date_gmt":"2016-05-11T05:43:21","guid":{"rendered":"https:\/\/www.hostingahead.com\/blog\/?p=85"},"modified":"2016-05-11T10:03:32","modified_gmt":"2016-05-11T10:03:32","slug":"fix-imagemagick-vulnerability","status":"publish","type":"post","link":"https:\/\/www.hostingahead.com\/blog\/fix-imagemagick-vulnerability\/","title":{"rendered":"Fix ImageMagick vulnerability"},"content":{"rendered":"

ImageMagick<\/a>, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system.<\/p>\n

Evidence :<\/p>\n

http:\/\/arstechnica.com\/security\/2016\/05\/exploits-gone-wild-hackers-target-critical-image-processing-bug\/<\/a>
\nhttps:\/\/www.us-cert.gov\/ncas\/current-activity\/2016\/05\/04\/ImageMagick-Vulnerability<\/a><\/p>\n

You can fix it by edit policy.xml file.<\/p>\n

Add following lines to policy.xml file<\/p>\n

<policy domain=”coder” rights=”none” pattern=”EPHEMERAL”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”URL”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”HTTPS”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”MVG”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”MSL”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”TEXT”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”SHOW”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”WIN”><\/policy>
\n<policy domain=”coder” rights=”none” pattern=”PLT”><\/policy><\/p><\/blockquote>\n

Default File path:<\/strong><\/p>\n

Ubuntu\/Debian 7\/CentOS\/RHEL\/Arch Linux : \/etc\/ImageMagick\/policy.xml
\nDebian 8\/Fedora : \/etc\/ImageMagick-6\/policy.xml
\nFreeBSD : \/usr\/local\/etc\/ImageMagick-6\/policy.xml
\nCentOS with cPanel\/WHM: \/usr\/local\/cpanel\/3rdparty\/etc\/ImageMagick-6\/policy.xml<\/p>\n","protected":false},"excerpt":{"rendered":"

ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Evidence : http:\/\/arstechnica.com\/security\/2016\/05\/exploits-gone-wild-hackers-target-critical-image-processing-bug\/ https:\/\/www.us-cert.gov\/ncas\/current-activity\/2016\/05\/04\/ImageMagick-Vulnerability You can fix it by edit policy.xml file. Add following lines to policy.xml file <policy …<\/p>\n","protected":false},"author":101012,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/posts\/85"}],"collection":[{"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/users\/101012"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/comments?post=85"}],"version-history":[{"count":8,"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/posts\/85\/revisions"}],"predecessor-version":[{"id":95,"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/posts\/85\/revisions\/95"}],"wp:attachment":[{"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/media?parent=85"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/categories?post=85"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostingahead.com\/blog\/wp-json\/wp\/v2\/tags?post=85"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}