ImageTragick reported multiple vulnerabilities in ImageMagick.
Details and links are below:
- CVE-2016-3714 – Insufficient shell characters filtering leads to (potentially remote) code execution
- CVE-2016-3715 – File deletion
- CVE-2016-3716 – File moving
- CVE-2016-3717 – Local file read
- CVE-2016-3718 – SSRF
WordPress 3.5 and later are configured to use ImageMagick.
If you have installed ImageMagick on your server and use WordPress 3.5 or later, you should consider taking action.
See more details:
WP_Image_Editor is incoming!
On AMIMOTO managed hosting and the AMIMOTO AMI, we have not installed ImageMagick, so there is no need to take action unless you have installed or enabled ImageMagick yourself.
If you installed ImageMagick after launching your EC2 instance, you should check the links above and take action against these vulnerabilities on your server.
To check whether ImageMagick is installed and enabled:
- ssh to your server
- run the commands below:
$ rpm -q php-pecl-imagick
$ rpm -q ImageMagick
By default, ImageMagick is not installed on the AMIMOTO AMI, so the commands return the following text:
package php-pecl-imagick is not installed
package ImageMagick is not installed
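To run the same check from a script, for example across several instances, the rpm output can be classified automatically. The function below is an added example, not AMIMOTO's own tooling; the function name, the status labels and the sample version strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the output of the two rpm queries shown above.
# Live use on a server:  rpm -q php-pecl-imagick ImageMagick | classify_imagemagick
# The labels ok / review / action-needed are this example's own.
classify_imagemagick() {
    php_ext=absent   # php-pecl-imagick: the PHP binding to ImageMagick
    library=absent   # ImageMagick itself
    while IFS= read -r line; do
        case "$line" in
            # rpm's message for a missing package
            "package "*" is not installed") ;;
            # an installed package prints name-version-release.arch
            php-pecl-imagick-[0-9]*) php_ext=present ;;
            ImageMagick-[0-9]*)      library=present ;;
        esac
    done
    if [ "$library" = present ] && [ "$php_ext" = present ]; then
        echo "action-needed: ImageMagick and php-pecl-imagick are installed"
    elif [ "$library" = present ] || [ "$php_ext" = present ]; then
        echo "review: one of the two packages is installed"
    else
        echo "ok: neither package is installed"
    fi
}

# Constructed sample (not real output): both packages present.
sample_installed() {
    printf '%s\n' \
        'php-pecl-imagick-0.0.0-0.example.x86_64' \
        'ImageMagick-0.0.0-0.example.x86_64'
}

# The default AMIMOTO AMI output quoted above.
sample_default() {
    printf '%s\n' \
        'package php-pecl-imagick is not installed' \
        'package ImageMagick is not installed'
}
```

Any result other than "ok" means the host should be reviewed against the advisories listed above.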