ImageTragick - Update

Update --- all of our servers are now fully patched with the recently released updates for ImageMagick -

The talk of the Internet for the last few days has been a new exploit termed ImageTragick - CVE-2016–3714.  It's a potential exploit on any server with the ImageMagick package installed that runs web apps that do not check properly for file type before displaying a file manipulated through the Convert command. It doesn't look like Drupal is VERY exploitable by this (and would only be exploitable if the site used ImageMagick, which is not a lot of them.  Wordpress will also only be vulnerable if it uses an extension that calls ImageMagick. 

However, since our clients run all sorts of code on our servers, we have just taken steps to mitigate this vulnerability on all of our servers. We don't think this will have any bad effects on any production sites - but if you're suddenly having issues with image processing, this may be why.  We've patched the policy.xml file on all of the servers as suggested by Red Hat and CentOS. This should stop any potential exploits until such time that actual patches for ImageMagick are available that are known to actually fix the exploit - probably next week.