[ale] Imagemagick exploit

Jim Kinney jim.kinney at gmail.com
Thu May 5 10:08:02 EDT 2016


Yea. Using it as a thumbnail creator for a public web application is a
threat vector that needs the patching.

Using it on the desktop to modify/mangle images from the command line is
not a cause for panic.

On May 5, 2016 10:04 AM, "DJ-Pfulio" <DJPfulio at jdpfu.com> wrote:

> Not worried at all.
> I don't run any services that allow unknown uploaded files to be run
> through ImageMagick.
>
> I use ImageMagick a few times a week.
>
> Before going crazy about this stuff ... look at the required attack vector.
>
> On 05/05/16 09:46, Lightner, Jeff wrote:
> > Not on RHEL5.  You’d have to do “yum” rather than “dnf”.
> >
> > Completely wiping your hard drive would also probably work but seems a
> > bit extreme.  :p
> >
> > One assumes the reason you’re doing mitigation is because you have a
> > reason to use ImageMagick (and an OS).
> >
> >
> > From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> > Pete Hardie
> > Sent: Thursday, May 05, 2016 9:36 AM
> > To: Atlanta Linux Enthusiasts
> > Subject: Re: [ale] Imagemagick exploit
> >
> >
> > sudo dnf remove ImageMagick probably works.....
> >
> > On Thu, May 5, 2016 at 9:21 AM, Lightner, Jeff <JLightner at dsservices.com
> > <mailto:JLightner at dsservices.com>> wrote:
> > Looking this morning I see both the ImageMagick and the RedHat links
> > have been updated with suggested mitigations for RHEL5.   I haven’t tried
> > them yet.
> >
>