Vulnerability Description:
ImageMagick is an extensive and popular image processing software. Recently, the software has been a burst of remote code execution vulnerabilities, numbered cve-2016–3714. This vulnerability allows an attacker to execute arbitrary code on the target server by uploading a maliciously constructed image file. Due to the wide application of ImageMagick, it has been determined that well-known applications such as WordPress are affected by this vulnerability.
Install the latest version of the software
First, download the package:
CD/USR/LOCAL/SRC #进入软件包存放目录
1, ImageMagick (currently the latest version)
wget http://ftp.nluug.nl/ImageMagick/ImageMagick-7.0.1-1.tar.gz
2, Imagick (imagick-3.1.2 and the following version does not support Imagemagick-7.0.1-1, will prompt compilation error, recommended to use the latest version imagick-3.4.2)
wget http://pecl.php.net/get/imagick-3.4.2.tgz
Second, install ImageMagick
System Yun-wei www.osyunwei.com warm reminder: qihang01 original content copyright, reproduced please indicate the source and the original link
CD/USR/LOCAL/SRC #进入软件包存放目录
Tar zxvf imagemagick-7.0.1-1.tar.gz #解压
CD Imagemagick-7.0.1-1 #进入安装目录
./configure--prefix=/usr/local/imagemagick #配置
Export pkg_config_path=/usr/local/imagemagick/lib/pkgconfig/#设置环境变量
Iii. installation of Imagick
Tar zxvf imagick-3.4.2.tgz
/usr/local/php/bin/phpize #用phpize生成configure配置文件
./configure--with-php-config=/usr/local/php/bin/php-config--with-imagick=/usr/local/imagemagick #配置
Four, configure PHP support Imagick
Vi/usr/local/php/etc/php.ini #编辑配置文件, add the following on the last line
