前些天在阿里云服务器上安装了wordpress,阿里云提示有wordpress WP_Image_Editor_Imagick 指令注入漏洞
解决思路:
1.查是否已安装该程序
# rpm -q ImageMagick
ImageMagick-6.7.8.9-15.el7_2.x86_64
尝试升级,发现已经是最新版
# yum install ImageMagick -y
Loaded plugins: langpacks
base | 3.6 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/3): epel/x86_64/updateinfo | 608 kB 00:00:00
(2/3): epel/x86_64/primary_db | 4.3 MB 00:00:04
(3/3): updates/7/x86_64/primary_db | 7.1 MB 00:00:07
Package ImageMagick-6.7.8.9-15.el7_2.x86_64 already installed and latest version
Nothing to do
2.进入wordpress的安装目录下,修改/wp-includes/media.php这个文件。找到
$implementations = apply_filters( 'wp_image_editors', array( 'WP_Image_Editor_Imagick', 'WP_Image_Editor_GD' ) );
改为:
$implementations = apply_filters( 'wp_image_editors', array( 'WP_Image_Editor_GD' ,'WP_Image_Editor_Imagick' ) );
再次用安骑士检测发现漏洞已经被修复
