Learn about Centmin Mod LEMP Stack today
Become a Member

Security ImageMagick vulnerabilities CVE-2016-3714 (imagetragick) active exploitation confirmed

Discussion in 'CentOS, Redhat & Oracle Linux News' started by Revenge, May 4, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Last edited: May 5, 2016
  2. Revenge

    Revenge Active Member

    452
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +341
    Local Time:
    9:20 AM
    1.9.x
    10.1.x
    Remi already have the update to the new version:
    6.9.3.10-1.el7.remi

    Is this enough, or we also need to recompile php?
    I have this:
    Code:
    imagick module => enabled
    imagick module version => 3.4.2
    imagick classes => Imagick, ImagickDraw, ImagickPixel, ImagickPixelIterator, ImagickKernel
    Imagick compiled with ImageMagick version => ImageMagick 6.9.3-8 Q16 x86_64 2016-04-12 http://www.imagemagick.org
    Imagick using ImageMagick library version => ImageMagick 6.9.3-10 Q16 x86_64 2016-05-04 http://www.imagemagick.org
    ImageMagick copyright => Copyright (C) 1999-2016 ImageMagick Studio LLC
    ImageMagick release date => 2016-05-04
     
  3. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    @Revenge for centmin mod users at least

    run centmin.sh menu option 15 to recompile imagick php extension too
    Code (Text):
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu               
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 15
    --------------------------------------------------------


    for 123.09beta01 users, centmin.sh menu option 15 actually does the yum update too + imagick php extension recompile. For 123.08stable it should be just the imagick php extension recompile

    edit: looks like not all remi yum repo mirrors have the new version yet - tried and don't see it yet

    Code (Text):
    yum list ImageMagick-last* --enablerepo=remi --disableplugin=priorities -q
    Installed Packages
    ImageMagick-last.x86_64                                                                                                           6.9.3.9-1.el7.remi                                                                                                 @remi
    ImageMagick-last-c++.x86_64                                                                                                       6.9.3.9-1.el7.remi                                                                                                 @remi
    ImageMagick-last-c++-devel.x86_64                                                                                                 6.9.3.9-1.el7.remi                                                                                                 @remi
    ImageMagick-last-devel.x86_64                                                                                                     6.9.3.9-1.el7.remi                                                                                                 @remi
    ImageMagick-last-libs.x86_64                                                                                                      6.9.3.9-1.el7.remi                                                                                                 @remi
    Available Packages
    ImageMagick-last-djvu.x86_64                                                                                                      6.9.3.9-1.el7.remi                                                                                                 remi
    ImageMagick-last-doc.x86_64                                                                                                       6.9.3.9-1.el7.remi                                                                                                 remi
    ImageMagick-last-perl.x86_64                                                                                                      6.9.3.9-1.el7.remi                                                                                                 remi 


    not yet
    Code (Text):
    yum history list ImageMagick-last
    Loaded plugins: fastestmirror, priorities
    ID     | Command line             | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
        24 | update --disableplugin=p | 2016-05-02 22:04 | Update         |    5   
        10 | -y install ImageMagick-l | 2016-05-01 22:47 | Install        |   18   
    history list


    Code (Text):
    yum history info 24
    Loaded plugins: fastestmirror, priorities
    Transaction ID : 24
    Begin time     : Mon May  2 22:04:37 2016
    Begin rpmdb    : 580:4a4c8509bdd6871940cf25221ad6491d8b2ce06e
    End time       :            22:04:38 2016 (1 seconds)
    End rpmdb      : 580:b863de7064d26bb2f0aeb5be11d8ededbf80adc4
    User           : root <root>
    Return-Code    : Success
    Command Line   : update --disableplugin=priorities --enablerepo=remi -y
    Transaction performed with:
        Installed     rpm-4.11.3-17.el7.x86_64                      installed
        Installed     yum-3.4.3-132.el7.centos.0.1.noarch           installed
        Installed     yum-plugin-fastestmirror-1.1.31-34.el7.noarch installed
    Packages Altered:
        Updated ImageMagick-last-6.9.3.8-1.el7.remi.x86_64           @remi
        Update                   6.9.3.9-1.el7.remi.x86_64           @remi
        Updated ImageMagick-last-c++-6.9.3.8-1.el7.remi.x86_64       @remi
        Update                       6.9.3.9-1.el7.remi.x86_64       @remi
        Updated ImageMagick-last-c++-devel-6.9.3.8-1.el7.remi.x86_64 @remi
        Update                             6.9.3.9-1.el7.remi.x86_64 @remi
        Updated ImageMagick-last-devel-6.9.3.8-1.el7.remi.x86_64     @remi
        Update                         6.9.3.9-1.el7.remi.x86_64     @remi
        Updated ImageMagick-last-libs-6.9.3.8-1.el7.remi.x86_64      @remi
        Update                        6.9.3.9-1.el7.remi.x86_64      @remi
    history info
     
    Last edited: May 5, 2016
  4. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Sucuri weighs in on the ImageMagick vulnerabilities ImageMagick Remote Command Execution Vulnerability - Sucuri Blog

     
  5. BigIron

    BigIron Member

    62
    15
    8
    Sep 18, 2015
    Ratings:
    +18
    Local Time:
    1:20 AM
    Watching this!
     
  6. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    looks like ImageMagick remi yum repo has updated with 6.9.3.10-1 version now
    Code (Text):
    yum list ImageMagick-last*  --enablerepo=remi --disableplugin=priorities -q
    Installed Packages
    ImageMagick-last.x86_64              6.9.3.9-1.el7.remi      @remi
    ImageMagick-last-c++.x86_64          6.9.3.9-1.el7.remi      @remi
    ImageMagick-last-c++-devel.x86_64    6.9.3.9-1.el7.remi      @remi
    ImageMagick-last-devel.x86_64        6.9.3.9-1.el7.remi      @remi
    ImageMagick-last-libs.x86_64         6.9.3.9-1.el7.remi      @remi
    Available Packages
    ImageMagick-last.x86_64              6.9.3.10-1.el7.remi     remi
    ImageMagick-last-c++.x86_64          6.9.3.10-1.el7.remi     remi
    ImageMagick-last-c++-devel.x86_64    6.9.3.10-1.el7.remi     remi
    ImageMagick-last-devel.x86_64        6.9.3.10-1.el7.remi     remi
    ImageMagick-last-djvu.x86_64         6.9.3.10-1.el7.remi     remi
    ImageMagick-last-doc.x86_64          6.9.3.10-1.el7.remi     remi
    ImageMagick-last-libs.x86_64         6.9.3.10-1.el7.remi     remi
    ImageMagick-last-perl.x86_64         6.9.3.10-1.el7.remi     remi 

    for Centmin Mod 123.08stable users just run below command and afterwards run centmin.sh menu option 15 to recompile imagick php extension
    Code (Text):
    yum -y update --enablerepo=remi --disableplugin=priorities

    for Centmin Mod 123.09beta01 users, running centmin.sh menu option 15 automatically does the yum update for ImageMagick system package provided by Remi yum repo + recompile imagick php extension
    Code (Text):
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 15

    example output for centmin.sh menu option 15 on 123.09beta01 branch of centmin mod
    Code (Text):
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 15
    --------------------------------------------------------
    Check for php extensions
    
    Check for ImageMagicK System Updates (YUM)
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * base: linux.mirrors.es.net
    * epel: linux.mirrors.es.net
    * extras: mirrors.unifiedlayer.com
    * remi: mirrors.mediatemple.net
    * rpmforge: mirror.hmc.edu
    * updates: mirror.hmc.edu
    Resolving Dependencies
    --> Running transaction check
    ---> Package ImageMagick-last.x86_64 0:6.9.3.9-1.el7.remi will be updated
    ---> Package ImageMagick-last.x86_64 0:6.9.3.10-1.el7.remi will be an update
    --> Processing Dependency: ImageMagick-last-libs(x86-64) = 6.9.3.10-1.el7.remi for package: ImageMagick-last-6.9.3.10-1.el7.remi.x86_64
    ---> Package ImageMagick-last-c++.x86_64 0:6.9.3.9-1.el7.remi will be updated
    ---> Package ImageMagick-last-c++.x86_64 0:6.9.3.10-1.el7.remi will be an update
    ---> Package ImageMagick-last-c++-devel.x86_64 0:6.9.3.9-1.el7.remi will be updated
    ---> Package ImageMagick-last-c++-devel.x86_64 0:6.9.3.10-1.el7.remi will be an update
    ---> Package ImageMagick-last-devel.x86_64 0:6.9.3.9-1.el7.remi will be updated
    ---> Package ImageMagick-last-devel.x86_64 0:6.9.3.10-1.el7.remi will be an update
    --> Running transaction check
    ---> Package ImageMagick-last-libs.x86_64 0:6.9.3.9-1.el7.remi will be updated
    ---> Package ImageMagick-last-libs.x86_64 0:6.9.3.10-1.el7.remi will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
    Package                       Arch      Version                  Repository
                                                                               Size
    ================================================================================
    Updating:
    ImageMagick-last              x86_64    6.9.3.10-1.el7.remi      remi     69 k
    ImageMagick-last-c++          x86_64    6.9.3.10-1.el7.remi      remi    165 k
    ImageMagick-last-c++-devel    x86_64    6.9.3.10-1.el7.remi      remi    104 k
    ImageMagick-last-devel        x86_64    6.9.3.10-1.el7.remi      remi    103 k
    Updating for dependencies:
    ImageMagick-last-libs         x86_64    6.9.3.10-1.el7.remi      remi    2.2 M
    
    Transaction Summary
    ================================================================================
    Upgrade  4 Packages (+1 Dependent package)
    
    Total download size: 2.6 M
    Downloading packages:
    No Presto metadata available for remi
    --------------------------------------------------------------------------------
    Total                                               14 MB/s | 2.6 MB  00:00  
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Updating   : ImageMagick-last-libs-6.9.3.10-1.el7.remi.x86_64            1/10
      Updating   : ImageMagick-last-c++-6.9.3.10-1.el7.remi.x86_64             2/10
      Updating   : ImageMagick-last-6.9.3.10-1.el7.remi.x86_64                 3/10
      Updating   : ImageMagick-last-devel-6.9.3.10-1.el7.remi.x86_64           4/10
      Updating   : ImageMagick-last-c++-devel-6.9.3.10-1.el7.remi.x86_64       5/10
      Cleanup    : ImageMagick-last-c++-devel-6.9.3.9-1.el7.remi.x86_64        6/10
      Cleanup    : ImageMagick-last-devel-6.9.3.9-1.el7.remi.x86_64            7/10
      Cleanup    : ImageMagick-last-6.9.3.9-1.el7.remi.x86_64                  8/10
      Cleanup    : ImageMagick-last-c++-6.9.3.9-1.el7.remi.x86_64              9/10
      Cleanup    : ImageMagick-last-libs-6.9.3.9-1.el7.remi.x86_64            10/10
      Verifying  : ImageMagick-last-c++-6.9.3.10-1.el7.remi.x86_64             1/10
      Verifying  : ImageMagick-last-6.9.3.10-1.el7.remi.x86_64                 2/10
      Verifying  : ImageMagick-last-devel-6.9.3.10-1.el7.remi.x86_64           3/10
      Verifying  : ImageMagick-last-c++-devel-6.9.3.10-1.el7.remi.x86_64       4/10
      Verifying  : ImageMagick-last-libs-6.9.3.10-1.el7.remi.x86_64            5/10
      Verifying  : ImageMagick-last-c++-6.9.3.9-1.el7.remi.x86_64              6/10
      Verifying  : ImageMagick-last-6.9.3.9-1.el7.remi.x86_64                  7/10
      Verifying  : ImageMagick-last-libs-6.9.3.9-1.el7.remi.x86_64             8/10
      Verifying  : ImageMagick-last-devel-6.9.3.9-1.el7.remi.x86_64            9/10
      Verifying  : ImageMagick-last-c++-devel-6.9.3.9-1.el7.remi.x86_64       10/10
    
    Updated:
      ImageMagick-last.x86_64 0:6.9.3.10-1.el7.remi                              
      ImageMagick-last-c++.x86_64 0:6.9.3.10-1.el7.remi                          
      ImageMagick-last-c++-devel.x86_64 0:6.9.3.10-1.el7.remi                    
      ImageMagick-last-devel.x86_64 0:6.9.3.10-1.el7.remi                        
    
    Dependency Updated:
      ImageMagick-last-libs.x86_64 0:6.9.3.10-1.el7.remi                        
    
    Complete!
    
    *************************************************
    * Installing imagick PHP Extension
    *************************************************

    remi rpm changelog doesn't detail much heh
    Code (Text):
    rpm -qa --changelog ImageMagick-last | head -n3
    * Wed May 04 2016 Remi Collet <remi@remirepo.net> - 6.9.3.10-1
    - update to version 6.9.3 patchlevel 10

    resulting imagick php extension info
    Code (Text):
    php --ri imagick
    
    imagick
    
    imagick module => enabled
    imagick module version => 3.4.2
    imagick classes => Imagick, ImagickDraw, ImagickPixel, ImagickPixelIterator, ImagickKernel
    Imagick compiled with ImageMagick version => ImageMagick 6.9.3-10 Q16 x86_64 2016-05-04 http://www.imagemagick.org
    Imagick using ImageMagick library version => ImageMagick 6.9.3-10 Q16 x86_64 2016-05-04 http://www.imagemagick.org
    ImageMagick copyright => Copyright (C) 1999-2016 ImageMagick Studio LLC
    ImageMagick release date => 2016-05-04
    ImageMagick number of supported formats:  => 225
    ImageMagick supported formats => 3FR, AAI, AI, ART, ARW, AVI, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FITS, FRACTAL, FTS, G3, GIF, GIF87, GRADIENT, GRAY, GROUP4, GV, H, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, JBG, JBIG, JNG, JNX, JPE, JPEG, JPG, JPS, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIFF, VIPS, VST, WBMP, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV
    
    Directive => Local Value => Master Value
    imagick.locale_fix => 0 => 0
    imagick.skip_version_check => 0 => 0
    imagick.progress_monitor => 0 => 0

    upload_2016-5-5_21-10-5.png
     
    Last edited: May 5, 2016
  7. pamamolf

    pamamolf Premium Member Premium Member

    3,808
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    11:20 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    So now after the update do we need to use the edit to the policy file?

    Code:
      <policy domain="path" rights="none" pattern="@*" />
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
     
  8. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    keep it in place doesn't hurt to manually disable those features i suspect
     
  9. BigIron

    BigIron Member

    62
    15
    8
    Sep 18, 2015
    Ratings:
    +18
    Local Time:
    1:20 AM
  10. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Redhat's word on this ImageMagick Filtering Vulnerability - CVE-2016-3714 - Red Hat Customer Portal :)

    So it's been extended to
    Code (Text):
    <policy domain="coder" rights="none" pattern="EPHEMERAL" />
    <policy domain="coder" rights="none" pattern="HTTPS" />
    <policy domain="coder" rights="none" pattern="HTTP" />
    <policy domain="coder" rights="none" pattern="URL" />
    <policy domain="coder" rights="none" pattern="FTP" />
    <policy domain="coder" rights="none" pattern="MVG" />
    <policy domain="coder" rights="none" pattern="MSL" />
    <policy domain="coder" rights="none" pattern="TEXT" />
    <policy domain="coder" rights="none" pattern="LABEL" />
    <policy domain="path" rights="none" pattern="@*" />
    


    so updated policy output would be
    Code (Text):
    convert -list policy                                          
    Path: /etc/ImageMagick-last/ImageMagick-6/policy.xml
      Policy: Unrecognized
        rights: None 
      Policy: Coder
        rights: None 
        pattern: EPHEMERAL
      Policy: Coder
        rights: None 
        pattern: HTTPS
      Policy: Coder
        rights: None 
        pattern: HTTP
      Policy: Coder
        rights: None 
        pattern: URL
      Policy: Coder
        rights: None 
        pattern: FTP
      Policy: Coder
        rights: None 
        pattern: MVG
      Policy: Coder
        rights: None 
        pattern: MSL
      Policy: Coder
        rights: None 
        pattern: TEXT
      Policy: Coder
        rights: None 
        pattern: LABEL
      Policy: Path
        rights: None 
        pattern: @*
    
    Path: [built-in]
      Policy: Undefined
        rights: None 
    
     
    Last edited: May 6, 2016
  11. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Last edited: May 6, 2016
  12. pamamolf

    pamamolf Premium Member Premium Member

    3,808
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    11:20 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Maybe to auto add those rules at the end of Install/Reinstall ImagicK PHP Extension routine?

    As if we update using this menu the policy file will be erased and use the default one without the rules until we run again the centmin.sh....
     
  13. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  14. trxerz

    trxerz Member

    66
    5
    8
    Jun 25, 2015
    Ratings:
    +7
    Local Time:
    9:20 AM
    How to yum update?
    I've run option 15 but still got this instead of 3.4.2.

    Code:
    imagick module => enabled
    imagick module version => 3.4.1
    imagick classes => Imagick, ImagickDraw, ImagickPixel, ImagickPixelIterator, ImagickKernel
    Imagick compiled with ImageMagick version => ImageMagick 6.9.3-7 Q16 x86_64 2016-03-07 http://www.imagemagick.org
    Imagick using ImageMagick library version => ImageMagick 6.9.3-7 Q16 x86_64 2016-03-07 http://www.imagemagick.org
    ImageMagick copyright => Copyright (C) 1999-2016 ImageMagick Studio LLC
    ImageMagick release date => 2016-03-07
     
  15. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    imagemagick yum package for you is = 6.9.3-7 and 3.4.1 is the imagick php extension version

    only 123.09beta01 has 3.4.2 set for imagick php extension version and 123.08stable has 3.4.1 right now

    Code (Text):
    yum -y update --enablerepo=remi --disableplugin=priorities
     
  16. BobbyWibowo

    BobbyWibowo Active Member

    196
    41
    28
    Jul 30, 2015
    Indonesia
    Ratings:
    +70
    Local Time:
    3:20 PM
    1.17.x
    10.3.x
    @eva2000 I don't understand what's going on, but I updated ImageMagick with the 15th option in centmin.sh, then after running this:
    Code (Text):
    convert -list policy
    I got this:
    Code (Text):
    Path: /etc/ImageMagick-last/ImageMagick-6/policy.xml
      Policy: Unrecognized
        rights: None
      Policy: Coder
        rights: None
        pattern: EPHEMERAL
      Policy: Coder
        rights: None
        pattern: HTTPS
      Policy: Coder
        rights: None
        pattern: HTTP
      Policy: Coder
        rights: None
        pattern: URL
      Policy: Coder
        rights: None
        pattern: FTP
      Policy: Coder
        rights: None
        pattern: MVG
      Policy: Coder
        rights: None
        pattern: MSL
      Policy: Coder
        rights: None
        pattern: TEXT
      Policy: Coder
        rights: None
        pattern: LABEL
      Policy: Path
        rights: None
        pattern: @*
    
    Path: [built-in]
      Policy: Undefined
        rights: None
    Is it safe to assume that your automatic patch was applied?
     
  17. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yup Centmin Mod 123.09beta01 ran centmin.sh menu option 15 will auto apply the workaround patch for ImageMagick security vulnerabilities as recommended by Redhat + also updates the system ImageMagick yum package via Remi yum repository to 6.9.3-10 + recompiles imagick 3.4.2 php extension :)
     
  18. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  19. eva2000

    eva2000 Administrator Staff Member

    44,444
    10,148
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,704
    Local Time:
    6:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Proof of concept script at GitHub - ImageTragick/PoCs: Proof of Concepts for CVE-2016–3714
    Test on Centmin Mod 123.09beta01 LEMP stack server
    Code (Text):
    ./test.sh
    testing read
    SAFE
    
    testing delete
    SAFE
    
    testing http with local port: 20073
    SAFE
    
    testing http with nonce: Q89NbhNW
    SAFE
    
    testing rce1
    SAFE
    
    testing rce2
    SAFE
    
    testing MSL
    SAFE
     
  20. trxerz

    trxerz Member

    66
    5
    8
    Jun 25, 2015
    Ratings:
    +7
    Local Time:
    9:20 AM
    Hi eva,
    I've done everything, but still got this
    Code:
    testing read
    UNSAFE
    
    testing delete
    UNSAFE
    
    testing http with local port: 40280
    UNSAFE
    
    testing http with nonce: jqJLRrax
    SAFE
    
    testing rce1
    SAFE
    
    testing rce2
    SAFE
    
    testing MSL
    UNSAFE