RPG-support
Posted May 7, 2016

A critical unfixed issue with IM has been reported in different places. It is highly recommended to disable some functions until the IM developer issues the fix. Enter the following code in /etc/ImageMagick/policy.xml:

    <policymap>
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
      <policy domain="coder" rights="none" pattern="TEXT" />
      <policy domain="coder" rights="none" pattern="SHOW" />
      <policy domain="coder" rights="none" pattern="WIN" />
      <policy domain="coder" rights="none" pattern="PLT" />
    </policymap>

You may need to do some additional steps.
ASTRAPI
Posted May 7, 2016

Red Hat recommends:

    <policymap>
      ...
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="HTTP" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="FTP" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
      <policy domain="coder" rights="none" pattern="TEXT" />
      <policy domain="coder" rights="none" pattern="LABEL" />
      <policy domain="path" rights="none" pattern="@*" />
    </policymap>

You can test it using:

    git clone https://github.com/ImageTragick/PoCs.git
    cd PoCs
    ./test.sh

If you get something like this you are fine:

    ./test.sh
    testing read SAFE
    testing delete SAFE
    testing http with local port: 20073 SAFE
    testing http with nonce: Q89NbhNW SAFE
    testing rce1 SAFE
    testing rce2 SAFE
    testing MSL SAFE

A new version is also out: 6.9.3.10-1.el7
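A static check of a policy.xml against the coder and path rules quoted in the two posts above, as an added example that is not part of either post or of ImageMagick. The function name `audit_policy`, the combined `REQUIRED_CODERS` list and the sample policy are constructed for illustration; the `{A,B}` list handling assumes the brace form ImageMagick accepts in policy patterns.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Union of the coder names in the two policy lists quoted in this thread.
REQUIRED_CODERS = ["EPHEMERAL", "URL", "HTTPS", "HTTP", "FTP", "MVG",
                   "MSL", "TEXT", "LABEL", "SHOW", "WIN", "PLT"]

def expand(pattern):
    # Accept the simple "{A,B,C}" list form as well as plain * and ? globs.
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",")]
    return [pattern]

def audit_policy(xml_text):
    """Return (coders not denied, whether the path "@*" rule is present)."""
    root = ET.fromstring(xml_text)  # rules inside <!-- --> are not parsed
    denied, path_rule = [], False
    for pol in root.iter("policy"):
        domain = (pol.get("domain") or "").lower()
        rights = (pol.get("rights") or "").lower()
        pattern = pol.get("pattern") or ""
        if rights != "none":
            continue  # only rights="none" blocks the coder or path
        if domain == "coder":
            denied += [p.upper() for p in expand(pattern)]
        elif domain == "path" and pattern == "@*":
            path_rule = True
    missing = [c for c in REQUIRED_CODERS
               if not any(fnmatch.fnmatchcase(c, pat) for pat in denied)]
    return missing, path_rule

# Constructed sample: MVG is left commented out and FTP still has read rights.
SAMPLE_POLICY = """<policymap>
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTP*" />
  <policy domain="coder" rights="none" pattern="{MSL,TEXT,LABEL}" />
  <policy domain="coder" rights="read" pattern="FTP" />
</policymap>"""

if __name__ == "__main__":
    missing, path_rule = audit_policy(SAMPLE_POLICY)
    print("coders not denied:", ", ".join(missing) or "none")
    print("path @* rule present:", path_rule)
```

To audit a live host, pass the contents of /etc/ImageMagick/policy.xml to `audit_policy`; this checks only what the file declares, so the test.sh run shown above is still the behavioural check.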