Legacy ImageMagick Discussions Archive

Redhat is suggesting this probably based on your input Trav. https://access.redhat.com/security/vuln ... 1#comments

Thanks Trav, so do you think those changes are an acceptable workaround. Will this apply to both MSL and MVG. Thanks Your input is much appreciated but I'm going to keep seeking answers until I get something definitive.

Thanks fmw42. I will wait for their reply thanks.

This is true for all of our rhel5 boxes and other rhel 5 servers seem to be experiencing the same problem. For Developers do we need to try an update this package. Please see the link other people are experiencing this problem on rhel5. Its in the comments section. https://access.redhat.com/security ...

There is no policy.xml in this instance. I used find and scanned the entire FS. [ /etc]# ls -la /usr/lib/ImageMagick-6.2.8/config/ total 236 drwxr-xr-x 2 root root 4096 Jun 25 2015 . drwxr-xr-x 4 root root 4096 Apr 25 2012 .. -rw-r--r-- 1 root root 63539 Apr 25 2012 colors.xml -rw-r--r-- 1 root root ...

I thought the delegates.xml only works for ssl based on the other thread. So if I adjust delegates.xml will it provide the workaround for http and https? Or am I misunderstanding.

Yeah I'm sorry about that. I apologize. Thanks.

Is there a work around for RHEL5 they do not have a policy.xml in RHEL5 and what would be the repercussions of deinstalling imageMagick. There seems to be no information on making a work around for RHEL5. There is no policy.xml on RHEL5 instances.