A security vulnerability in ImageMagick was announced on May 4th, 2016. If your Linux server uses ImageMagick to handle image uploads, you should make changes to your server immediately to protect it from a possible compromise.
Not all hosting products are affected by the ImageMagick vulnerability.
Hosting Type | Affected? |
---|---|
Shared Hosting (cPanel, Managed WordPress, Plesk) | No |
VPS or Dedicated Server with cPanel | No |
VPS or Dedicated server without cPanel | Yes |
Cloud Server | Yes |
If you turned automatic updates off on your cPanel server, you may still be vulnerable.
To protect your server from the ImageMagick vulnerability, you need to make changes to your policy.xml
file for ImageMagick.
policy.xml
file for ImageMagick. The path to this file may be different depending on your Linux version.
Linux Versions | Path |
---|---|
Ubuntu Debian 7 CentOS RHEL Arch Linux |
/etc/ImageMagick/policy.xml |
Debian 8 Fedora |
/etc/ImageMagick-6/policy.xml |
FreeBSD | /usr/local/etc/ImageMagick-6/policy.xml |
CentOS 6 with cPanel/WHM | /usr/local/cpanel/3rdparty/etc/ImageMagick-6/policy.xml |
policy.xml
file in a text editor:sudo vim /etc/ImageMagick/policy.xml
<policymap>
section of the file:
<policy domain="coder" rights="none" pattern="EPHEMERAL" /> <policy domain="coder" rights="none" pattern="URL" /> <policy domain="coder" rights="none" pattern="HTTPS" /> <policy domain="coder" rights="none" pattern="MVG" /> <policy domain="coder" rights="none" pattern="MSL" /> <policy domain="coder" rights="none" pattern="TEXT" /> <policy domain="coder" rights="none" pattern="SHOW" /> <policy domain="coder" rights="none" pattern="WIN" /> <policy domain="coder" rights="none" pattern="PLT" />
:wq!
Once these changes have been made, your server will be protected from the ImageMagick vulnerability.