SOL10550253 - ImageMagick vulnerability CVE-2016-3715


Vulnerability Recommended Actions

If you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

BIG-IP/BIG-IQ/Enterprise Manager

To mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:

**Impact of action:** Performing the following procedure should not have a negative impact on your system.

1. Log in to the command line of the affected system.
2. Back up the **ImageMagick** global policy file by typing the following command:

       cp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol10550253

3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.
4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, because the vulnerable coder listed in CVE-2016-3715 is EPHEMERAL, the modified **policymap** stanza should look similar to the following example:

       <policymap>
       <policy domain="coder" rights="none" pattern="EPHEMERAL" />
       </policymap>

5. Save the changes and exit the text editor.
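The following check is an added example, not part of the original advisory or any F5 tooling. It parses a policy file and reports whether the EPHEMERAL coder is disabled by an active **policy** element, so an entry that is still inside an XML comment is not mistaken for a working mitigation. The function names and the two sample documents are constructed for illustration, and matching the pattern by exact string is an assumption of this example.

```python
import sys
import xml.etree.ElementTree as ET

REQUIRED_CODERS = ("EPHEMERAL",)  # coder named in this advisory


def disabled_coders(policy_xml):
    """Return coder patterns that an active <policy> sets to rights="none"."""
    root = ET.fromstring(policy_xml)  # the default parser discards comments
    if root.tag != "policymap":
        raise ValueError("root element is not <policymap>")
    found = set()
    for policy in root.iter("policy"):
        domain = policy.get("domain", "").lower()
        rights = policy.get("rights", "").lower()
        if domain == "coder" and rights == "none":
            found.add(policy.get("pattern", ""))
    return found


def missing_coders(policy_xml, required=REQUIRED_CODERS):
    """Return the required coders that no active policy entry disables."""
    active = disabled_coders(policy_xml)
    return [coder for coder in required if coder not in active]


# Constructed sample: the stanza from step 4 of the procedure.
MITIGATED = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
</policymap>"""

# Constructed sample: the entry exists only inside a comment, so it is inactive.
COMMENTED_OUT = """<policymap>
  <!-- <policy domain="coder" rights="none" pattern="EPHEMERAL" /> -->
  <policy domain="resource" name="memory" value="256MiB" />
</policymap>"""


def main(argv):
    # With a path argument, check that file; otherwise check the mitigated sample.
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else MITIGATED
    try:
        missing = missing_coders(text)
    except (ET.ParseError, ValueError) as exc:
        print(f"policy file could not be checked: {exc}")
        return 2
    print("not disabled: " + ", ".join(missing) if missing else "all required coders disabled")
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to the edited policy file as the only argument; exit status 0 means the entry is active, 1 means it is missing, and 2 means the file did not parse.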
Supplemental Information

* SOL9970: Subscribing to email notifications regarding F5 products
* SOL9957: Creating a custom RSS feed to view new and updated documents
* SOL4602: Overview of the F5 security vulnerability response policy
* SOL4918: Overview of the F5 critical issue hotfix policy
* SOL03151140: ImageMagick vulnerability CVE-2016-3714
* SOL25102203: ImageMagick vulnerability CVE-2016-3716
* SOL29154575: ImageMagick vulnerability CVE-2016-3717
* SOL61974123: ImageMagick vulnerability CVE-2016-3718
* The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide

**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.

Affected Software

CPE Name Name Version
big-iq security 4.5.0
big-ip edge gateway 11.3.0
big-iq cloud and orchestration 1.0.0
big-ip webaccelerator 11.3.0
big-ip aam 12.1.1
big-iq cloud 4.5.0
big-iq device 4.5.0
big-iq adc 4.5.0
enterprise manager 3.1.1
big-iq centralized management 4.6.0