SOL29154575 - ImageMagick vulnerability CVE-2016-3717


Vulnerability Recommended Actions

If you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

BIG-IP/BIG-IQ/Enterprise Manager

To mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:

**Impact of action:** Performing the following procedure should not have a negative impact on your system.

1. Log in to the command line of the affected system.
2. Back up the **ImageMagick** global policy file by typing the following command:

   ```
   cp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol29154575
   ```

3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.
4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, if the **LABEL** coder is vulnerable, you would include the following line in the **policymap** stanza:

   ```
   <policy domain="coder" rights="none" pattern="LABEL" />
   ```

   Since the vulnerable coder listed in CVE-2016-3717 is LABEL, the modified **policymap** stanza should look similar to the following example:

   ```
   <policymap>
     <policy domain="coder" rights="none" pattern="LABEL" />
   </policymap>
   ```

5. Save the changes and exit the text editor.
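To confirm that the edit from the procedure above is actually in force, the following added example (not part of the F5 advisory or of ImageMagick) parses the policy file and reports whether each named coder is denied by an active entry. The helper name `disabled_coders` and the sample policy are constructed for illustration, and `fnmatch` is used as an approximation of ImageMagick's glob matching.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real system. The MVG entry sits inside
# an XML comment, so it is inactive; only the LABEL entry is in force.
SAMPLE_POLICY = b"""<policymap>
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="coder" rights="none" pattern="LABEL" />
</policymap>
"""


def disabled_coders(policy_xml, coders):
    """Map each coder name to True if an active <policy> entry denies it.

    Hypothetical helper. Only direct children of <policymap> with
    domain="coder" and rights="none" count, exactly as the procedure writes
    them. Patterns are compared with fnmatch, an approximation of
    ImageMagick's own glob matching (assumption).
    """
    root = ET.fromstring(policy_xml)  # comments are dropped by the parser
    if root.tag != "policymap":
        raise ValueError("root element is <%s>, expected <policymap>" % root.tag)
    result = {name: False for name in coders}
    for policy in root.findall("policy"):
        if policy.get("domain") != "coder" or policy.get("rights") != "none":
            continue
        pattern = policy.get("pattern", "")
        for name in coders:
            if fnmatch.fnmatchcase(name, pattern):
                result[name] = True
    return result


if __name__ == "__main__":
    # Usage: python check_policy.py /etc/ImageMagick/policy.xml LABEL
    if len(sys.argv) > 2:
        with open(sys.argv[1], "rb") as handle:
            data, wanted = handle.read(), sys.argv[2:]
    else:
        data, wanted = SAMPLE_POLICY, ["LABEL", "MVG"]
    status = disabled_coders(data, wanted)
    for name in wanted:
        print("%-8s %s" % (name, "disabled" if status[name] else "NOT disabled"))
    sys.exit(0 if all(status.values()) else 1)
```

A line pasted inside an XML comment, or a file that no longer parses after editing, shows up here as "NOT disabled" or as a parse error rather than passing silently.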
Supplemental Information

* SOL9970: Subscribing to email notifications regarding F5 products
* SOL9957: Creating a custom RSS feed to view new and updated documents
* SOL4602: Overview of the F5 security vulnerability response policy
* SOL4918: Overview of the F5 critical issue hotfix policy
* SOL03151140: ImageMagick vulnerability CVE-2016-3714
* SOL10550253: ImageMagick vulnerability CVE-2016-3715
* SOL25102203: ImageMagick vulnerability CVE-2016-3716
* SOL61974123: ImageMagick vulnerability CVE-2016-3718
* The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide

**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.

Affected Software

CPE Name Name Version
big-iq security 4.5.0
big-iq centralized management 5.0.0
big-ip edge gateway 11.3.0
big-iq cloud and orchestration 1.0.0
big-ip webaccelerator 11.3.0
big-ip aam 11.6.1
big-iq cloud 4.5.0
big-iq device 4.5.0
big-iq adc 4.5.0
enterprise manager 3.1.1
big-ip aam 12.1.1
big-iq centralized management 4.6.0