<p dir="ltr">I'm not pro in web but I think a lot of web sites rely on imagemagick tools for resize/convert files.</p>
<div class="gmail_quote">On May 5, 2016 10:10 AM, "Jim Kinney" <<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Yea. Using it as a thumbnail creator for a public web application is a threat vector that needs the patching.</p>
<p dir="ltr">Using it on the desktop to modify/mangle images from the command line is not a cause for panic.</p>
<div class="gmail_quote">On May 5, 2016 10:04 AM, "DJ-Pfulio" <<a href="mailto:DJPfulio@jdpfu.com" target="_blank">DJPfulio@jdpfu.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Not worried at all.<br>
I don't run any services that allow unknown uploaded files to be run<br>
through ImageMagick.<br>
<br>
I use ImageMagick a few times a week.<br>
<br>
Before going crazy about this stuff ... look at the required attack vector.<br>
<br>
On 05/05/16 09:46, Lightner, Jeff wrote:<br>
> Not on RHEL5. You’d have to do “yum” rather than “dnf”.<br>
><br>
> Completely wiping your hard drive would also probably work but seems a bit extreme. :p<br>
><br>
> One assumes the reason you’re doing mitigation is because you have a reason to use ImageMagick (and an OS).<br>
><br>
><br>
> From: <a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a> [mailto:<a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a>] On Behalf Of Pete Hardie<br>
> Sent: Thursday, May 05, 2016 9:36 AM<br>
> To: Atlanta Linux Enthusiasts<br>
> Subject: Re: [ale] Imagemagick exploit<br>
><br>
><br>
> sudo dnf remove ImageMagick probably works.....<br>
><br>
> On Thu, May 5, 2016 at 9:21 AM, Lightner, Jeff <<a href="mailto:JLightner@dsservices.com" target="_blank">JLightner@dsservices.com</a><mailto:<a href="mailto:JLightner@dsservices.com" target="_blank">JLightner@dsservices.com</a>>> wrote:<br>
> Looking this morning I see both the ImageMagick and the RedHat links have been updated with suggested mitigations for RHEL5. I haven’t tried them yet.<br>
><br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div>