Back to bug 1332504

| Who | When | What | Removed | Added |
| --- | --- | --- | --- | --- |
| Andrej Nemec | 2016-05-03 11:00:50 UTC | CC | | security-response-team |
| Red Hat Bugzilla | 2016-05-03 11:00:50 UTC | Doc Type | --- | Bug Fix |
| Andrej Nemec | 2016-05-03 11:08:03 UTC | Blocks | | 1332507 |
| Stefan Cornelius | 2016-05-03 13:07:34 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=new,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 13:15:49 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 15:26:00 UTC | Whiteboard | impact=moderate,public=no,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 15:26:05 UTC | Summary | EMBARGOED CVE-2016-3716 ImageMagick: File moving | CVE-2016-3716 ImageMagick: File moving |
| Stefan Cornelius | 2016-05-03 15:26:10 UTC | Group | security, qe_staff | |
| Stefan Cornelius | 2016-05-03 15:26:21 UTC | Depends On | | 1332633 |
| Stefan Cornelius | 2016-05-03 15:34:03 UTC | Depends On | | 1332638 |
| Stefan Cornelius | 2016-05-03 15:34:10 UTC | Depends On | | 1332639 |
| Stefan Cornelius | 2016-05-03 15:34:21 UTC | Depends On | | 1332640 |
| Stefan Cornelius | 2016-05-03 15:34:27 UTC | Depends On | | 1332641 |
| Stefan Cornelius | 2016-05-03 19:43:29 UTC | Depends On | | 1332695 |
| Stefan Cornelius | 2016-05-04 11:44:50 UTC | Depends On | | 1332930 |
| Slawomir Czarko | 2016-05-04 14:06:23 UTC | CC | | slawomir |
| Stefan Cornelius | 2016-05-04 15:31:48 UTC | Doc Text | | It was discovered that ImageMagick did not properly prevent file move operations when processing certain MVG files. A remote attacker could exploit this flaw to move arbitrary files on a vulnerable system by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. |
| Stefan Cornelius | 2016-05-05 11:32:59 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Martin Prpič | 2016-05-05 12:38:28 UTC | Doc Text | It was discovered that ImageMagick did not properly prevent file move operations when processing certain MVG files. A remote attacker could exploit this flaw to move arbitrary files on a vulnerable system by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. | It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files. |
| Norman Sardella | 2016-05-06 13:21:45 UTC | CC | | sardella |
| Stefan Cornelius | 2016-06-02 12:59:30 UTC | Status | NEW | CLOSED |
| Stefan Cornelius | 2016-06-02 12:59:30 UTC | Resolution | --- | ERRATA |
| Stefan Cornelius | 2016-06-02 12:59:30 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected |
| Stefan Cornelius | 2016-06-02 12:59:30 UTC | Last Closed | | 2016-06-02 08:59:30 UTC |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160502,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected | |
