Back to bug 1332500
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-05-03 10:53:53 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-05-03 10:53:53 UTC | Doc Type | --- | Bug Fix |
| Andrej Nemec | 2016-05-03 11:07:58 UTC | Blocks | 1332507 | |
| Andrej Nemec | 2016-05-03 11:08:59 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-94,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=new,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=new,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 12:30:04 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=new,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 13:07:14 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 15:24:49 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 15:24:54 UTC | Summary | EMBARGOED CVE-2016-3715 ImageMagick: File deletion | CVE-2016-3715 ImageMagick: File deletion |
| Stefan Cornelius | 2016-05-03 15:25:00 UTC | Group | security, qe_staff | |
| Stefan Cornelius | 2016-05-03 15:25:10 UTC | Depends On | 1332632 | |
| Stefan Cornelius | 2016-05-03 15:34:03 UTC | Depends On | 1332638 | |
| Stefan Cornelius | 2016-05-03 15:34:10 UTC | Depends On | 1332639 | |
| Stefan Cornelius | 2016-05-03 15:34:21 UTC | Depends On | 1332640 | |
| Stefan Cornelius | 2016-05-03 15:34:27 UTC | Depends On | 1332641 | |
| Stefan Cornelius | 2016-05-03 19:43:29 UTC | Depends On | 1332695 | |
| Stefan Cornelius | 2016-05-04 11:44:50 UTC | Depends On | 1332930 | |
| Slawomir Czarko | 2016-05-04 14:06:38 UTC | CC | slawomir | |
| Stefan Cornelius | 2016-05-04 15:30:41 UTC | Doc Text | It was discovered that ImageMagick's ephemeral pseudo-protocol deletes files after use. A remote attacker could exploit this flaw to delete arbitrary files on a vulnerable system by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. | |
| Stefan Cornelius | 2016-05-05 11:32:25 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=notaffected,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Martin Prpič | 2016-05-05 12:38:04 UTC | Doc Text | It was discovered that ImageMagick's ephemeral pseudo-protocol deletes files after use. A remote attacker could exploit this flaw to delete arbitrary files on a vulnerable system by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. | It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files. |
| Norman Sardella | 2016-05-06 13:22:27 UTC | CC | sardella | |
| Stefan Cornelius | 2016-06-02 12:59:28 UTC | Status | NEW | CLOSED |
| Stefan Cornelius | 2016-06-02 12:59:28 UTC | Resolution | --- | ERRATA |
| Stefan Cornelius | 2016-06-02 12:59:28 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=notaffected,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=notaffected,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected |
| Stefan Cornelius | 2016-06-02 12:59:28 UTC | Last Closed | 2016-06-02 08:59:28 UTC | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=notaffected,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected | |