Legacy ImageMagick Discussions Archive

Use https://github.com/ImageMagick/ImageMagick/discussions instead.
http://www.imagemagick.org/discourse-server/

Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

http://www.imagemagick.org/discourse-server/viewtopic.php?t=29819

Page 1 of 1

Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Posted: 2016-06-01T19:55:40-07:00
by vinc
There is no policy.xml on RHEL5 instances.

Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Posted: 2016-06-01T19:57:01-07:00
by vinc
Is there any other configuration file to modify like delegates.xml https://www.imagemagick.org/discourse-s ... 4&start=15

Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Posted: 2016-06-01T19:57:30-07:00
by fmw42
Afew posts below yours is viewtopic.php?f=2&t=29614

EDIT: you found it as I was posting. Sorry I do not know more.

Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability

Posted: 2016-06-02T03:58:20-07:00
by magick
Its likely that Redhat will issue an update soon that disables popen(). Until then, your options are to build the latest release from source, sanitize any 'convert' commands, or sandbox ImageMagick.
All times are UTC-07:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited