Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability
Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability
There is no policy.xml on RHEL5 instances.
Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability
Is there any other configuration file to modify like delegates.xml https://www.imagemagick.org/discourse-s ... 4&start=15
- fmw42
- Posts: 25562
- Joined: 2007-07-02T17:14:51-07:00
- Authentication code: 1152
- Location: Sunnyvale, California, USA
Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability
Afew posts below yours is viewtopic.php?f=2&t=29614
EDIT: you found it as I was posting. Sorry I do not know more.
EDIT: you found it as I was posting. Sorry I do not know more.
Re: Is there a work around for RHEL 5 concerning the Imagemagick popen() shell vulnerability
Its likely that Redhat will issue an update soon that disables popen(). Until then, your options are to build the latest release from source, sanitize any 'convert' commands, or sandbox ImageMagick.