ImageMagick Security Issue – CVE-2016-3714 – Fix

In short, ImageMagick is a software suite to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PNG, Postscript, SVG, and TIFF. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

On May 03, 2016, the ImageMagick team found some important security issues in all of their versions. Here I’m going to point out the fixes they released for this problem. cPanel also released security updates against this vulnerability.

One of the reported vulnerabilities can potentially be exploited for remote code execution (RCE).

Fix for cPanel server

cPanel Security Team – CVE-2016-3714 ImageMagick

Troubleshooting steps:

How to determine if your server is up to date?

The updated RPMs provided by cPanel will contain a changelog entry with a CVE number. To view this changelog entry run the following command:

rpm -q --changelog cpanel-ImageMagick | grep CVE-2016-3714

The output should resemble the following:

- Apply workaround for CVE-2016-3714

What to do if you are not up to date?

On a cPanel server, running UPCP will patch the vulnerable version of ImageMagick. To upgrade your server, navigate to WHM’s Upgrade to Latest Version interface (Home >> cPanel >> Upgrade to Latest Version) and click ‘Click to Upgrade’. You can also do this from the command line by executing the following commands:

/scripts/upcp
/scripts/check_cpanel_rpms --fix --long-list

To verify, run the following command:

rpm -q --changelog cpanel-ImageMagick | grep CVE-2016-3714

Example

[email protected] [~]# rpm -q --changelog cpanel-ImageMagick | grep CVE-2016-3714
- Apply workaround for CVE-2016-3714
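
A scripted form of the changelog check above, added here as an example and not taken from cPanel or the original post. It separates "package not installed" from "installed but the changelog lacks the CVE entry", two cases in which the grep one-liner prints nothing. The function names and the RPM_CMD override are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: classify packages by whether their RPM changelog mentions a CVE.
RPM_CMD="${RPM_CMD:-rpm}"   # assumption: overridable so the logic can run without rpm

# Prints "patched", "unpatched" or "not-installed" for one package.
cve_status() {
    local pkg="$1" cve="$2" log
    # rpm -q exits non-zero when the package is absent. Piping straight into
    # grep hides that: no output looks the same as "unpatched".
    if ! "$RPM_CMD" -q "$pkg" >/dev/null 2>&1; then
        echo "not-installed"
        return 0
    fi
    log="$("$RPM_CMD" -q --changelog "$pkg" 2>/dev/null)"
    # -F: fixed string; -w: whole word, so a longer CVE id does not match.
    if printf '%s\n' "$log" | grep -qFw -- "$cve"; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# Prints one "package: status" line per package; returns 1 if any is unpatched.
audit_cve() {
    local cve="$1" rc=0 pkg status
    shift
    for pkg in "$@"; do
        status="$(cve_status "$pkg" "$cve")"
        printf '%s: %s\n' "$pkg" "$status"
        if [ "$status" = "unpatched" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# When package names are given as arguments, audit them for this page's CVE.
if [ "$#" -gt 0 ]; then
    audit_cve CVE-2016-3714 "$@"
fi
```

Saved as a script and run with cpanel-ImageMagick as its argument, it exits non-zero only when an installed package's changelog lacks the CVE entry, so it can gate a cron job or a configuration-management check.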

For non-cPanel servers

On any server, you can patch ImageMagick by using the following command:

yum -y upgrade 'ImageMagick*' 'alt-ImageMagick*'

The above command will patch both the main ImageMagick and the PHP Selector’s ImageMagick.

That’s it!!

For more details –> ImageMagick Security Issue


Arunlal A
