
Remote Code Execution in Image Generation

Critical
123FLO321 published GHSA-m684-7gmj-7fc7 Apr 27, 2022

Package

SwiftTileserverCache (Swift)

Affected versions

< 2.0.1, < 2.1.0-beta.1.6

Patched versions

2.0.2, 2.1.0-beta.1.7

Description

Impact

Remote code execution caused by improper escaping of values interpolated into the ImageMagick commands that are run through bash.

Patches

All shell commands are now escaped properly, starting from versions 2.0.1 and 2.1.0-beta.1.7.
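To illustrate the bug class the advisory describes (and the two properties a fix needs: no shell in the path, and tightly validated inputs), here is an added Swift example. It is not SwiftTileserverCache's own code; the `ImageFormat` enum is modelled on the `Model/ImageFormat.swift` file the update check below looks for, but its cases, the function names and the `convert` invocation are assumptions made for the example.

```swift
import Foundation

// Hypothetical allow-list of output formats. The real project's
// Model/ImageFormat.swift may differ; the cases here are an assumption.
enum ImageFormat: String, CaseIterable {
    case png, jpg, webp
}

struct ImageGenerationError: Error, CustomStringConvertible {
    let description: String
}

// Vulnerable pattern (reconstruction of what the advisory describes, not
// the project's code): request-controlled values are interpolated into one
// string that is later handed to `bash -c`. Anything the shell treats
// specially inside `overlay` is interpreted by the shell instead of being
// passed to `convert` as data.
func unsafeConvertCommand(base: String, overlay: String, format: String) -> String {
    return "convert \(base) \(overlay) -composite output.\(format)"
}

// Only plain file names: start with an alphanumeric or underscore, then
// alphanumerics, underscore, dot or hyphen. This rejects leading "-"
// (would be parsed as an option), path separators and ImageMagick's own
// special filename prefixes without needing a deny-list.
func isPlainFileName(_ value: String) -> Bool {
    return value.range(of: "^[A-Za-z0-9_][A-Za-z0-9_.-]*$",
                       options: .regularExpression) != nil
}

// Hardened pattern: build an argv array, so each value is exactly one
// argument and no shell ever parses it, and restrict the format to the
// allow-list.
func safeConvertArguments(base: String, overlay: String, format: String) throws -> [String] {
    guard let fmt = ImageFormat(rawValue: format.lowercased()) else {
        throw ImageGenerationError(description: "unsupported image format: \(format)")
    }
    for value in [base, overlay] where !isPlainFileName(value) {
        throw ImageGenerationError(description: "invalid file name: \(value)")
    }
    return [base, overlay, "-composite", "output.\(fmt.rawValue)"]
}

// Run ImageMagick directly via Foundation's Process: executable plus
// argument array, no `bash -c`. Path to `convert` is an assumption.
func runConvert(arguments: [String]) throws -> Int32 {
    let process = Process()
    process.executableURL = URL(fileURLWithPath: "/usr/bin/convert")
    process.arguments = arguments
    try process.run()
    process.waitUntilExit()
    return process.terminationStatus
}

// Constructed untrusted value containing a shell metacharacter.
let untrusted = "tile.png; echo injected"

// In the interpolated form the ';' ends the convert command and the shell
// would run what follows as a second command.
print(unsafeConvertCommand(base: "base.png", overlay: untrusted, format: "png"))

// In the hardened form the same value never reaches a shell and is
// rejected by the file-name check before any process is started.
do {
    _ = try safeConvertArguments(base: "base.png", overlay: untrusted, format: "png")
} catch {
    print("rejected: \(error)")
}

// A well-formed request yields a clean argv; format matching is case-insensitive.
do {
    let args = try safeConvertArguments(base: "base.png", overlay: "overlay.png", format: "PNG")
    print(args)
    // runConvert(arguments: args) would invoke ImageMagick with exactly these four arguments.
} catch {
    print("unexpected: \(error)")
}
```

The important design choice is the second one: escaping for a specific shell is easy to get wrong, whereas an argument array plus an allow-list of file names and formats removes the shell from the picture entirely and leaves nothing to escape.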

To update, make sure the image tag in your compose file (0815flo/tileservercache:*version*) is set to latest, 2.0.2 or 2.1.0-beta.
Then run the following commands:

sudo docker-compose pull && sudo docker-compose up -d

To validate if you updated successfully run the following command:

sudo docker-compose exec cache bash -c 'ls */Model/ImageFormat.*'

If that returns one entry (SwiftTileserverCache.build/Model/ImageFormat.swift.o), the update was successful.

Workarounds

No workaround. Updating to a fixed version is required.

Severity

Critical

CVE ID

No known CVE

Weaknesses

No CWEs

Credits