Serious ImageMagick vulnerabilities discovered May 07, 2016

Categories:

News,
Security

In case you haven't heard about there were some serious vulnerabilites in ImageMagick discovered:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
Source: https://imagetragick.com

Since Zenphoto may use PHP Imagick for image processing you might be affected as well especially if you let third parties upload images to your site.

Since this a server side extension there is nothing we can do. If you have control of your own server configuration you might be able to follow some of the advice noted on https://imagetragick.com. If on shared hosting you probably need to wait until this is fixed respectively Imagick is updated by your host.

For questions and comments please use the forum or discuss on the social networks.

RSS feeds!

All news (incl. all below except forum)
All general news (except themes, showcase, screenshots)
New releases and announcements
User guide
Extensions
Screenshots and screencasts
Themes
Showcase
Forum

Social networks

Join the Google Group!

zenphoto-announce
Release announcements and security alerts only (no support)
Subscribe right here:

Email:

Website powered by Zenphoto
Forum powered by Vanilla

Categories

Need project help?

Like using Zenphoto? Donate!

Serious ImageMagick vulnerabilities discovered May 07, 2016

RSS feeds!

Social networks

Join the Google Group!

Information

Legal stuff