Hello all,
In case you haven't heard, ImageMagick announced a major vulnerability
(and a quick config fix) this week:
http://arstechnica.com/security/2016/05/easily-exploited-bug-exposes-huge-number-of-sites-to-code-execution-attacks/
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
https://imagetragick.com/
This ImageMagick vulnerability may affect DSpace 5.x sites which have
installed ImageMagick on their servers for the ImageMagick Media Filter
feature. This feature was added in DSpace 5.x in order to provide higher
quality thumbnails for images and PDFs:
https://wiki.duraspace.org/display/DSDOC5x/ImageMagick+Media+Filters
We'd encourage you to immediately apply the recommended "policy.xml"
configuration changes to ImageMagick (see links above), and upgrade your
installed ImageMagick as soon as this security vulnerability is resolved
in a new release (hopefully later this week).
- Tim
--
Tim Donohue
Technical Lead for DSpace & DSpaceDirect
DuraSpace.org | DSpace.org | DSpaceDirect.org
--
You received this message because you are subscribed to the Google Groups "DSpace
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/dspace-community.
For more options, visit https://groups.google.com/d/optout.
