Back to bug 1332505

Who When What Removed Added
Andrej Nemec 2016-05-03 11:04:21 UTC CC security-response-team
Red Hat Bugzilla 2016-05-03 11:04:21 UTC Doc Type --- Bug Fix
Andrej Nemec 2016-05-03 11:08:07 UTC Blocks 1332507
Stefan Cornelius 2016-05-03 13:15:13 UTC Whiteboard impact=important,public=no,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=new,openshift-enterprise-2/ImageMagick=new impact=important,public=no,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new
Stefan Cornelius 2016-05-03 13:15:45 UTC Whiteboard impact=important,public=no,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new impact=important,public=no,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new
Stefan Cornelius 2016-05-03 15:27:22 UTC Whiteboard impact=important,public=no,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new impact=important,public=20160503,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new
Stefan Cornelius 2016-05-03 15:27:26 UTC Summary EMBARGOED CVE-2016-3717 ImageMagick: Local file read CVE-2016-3717 ImageMagick: Local file read
Stefan Cornelius 2016-05-03 15:27:32 UTC Group security, qe_staff
Stefan Cornelius 2016-05-03 15:27:52 UTC Depends On 1332634
Stefan Cornelius 2016-05-03 15:34:03 UTC Depends On 1332638
Stefan Cornelius 2016-05-03 15:34:10 UTC Depends On 1332639
Stefan Cornelius 2016-05-03 15:34:21 UTC Depends On 1332640
Stefan Cornelius 2016-05-03 15:34:27 UTC Depends On 1332641
Stefan Cornelius 2016-05-03 19:43:29 UTC Depends On 1332695
Jan Horak 2016-05-04 07:35:51 UTC CC scorneli
Flags needinfo?(scorneli)
Stefan Cornelius 2016-05-04 11:44:50 UTC Depends On 1332930
Slawomir Czarko 2016-05-04 14:06:07 UTC CC slawomir
Stefan Cornelius 2016-05-04 15:32:41 UTC Doc Text It was discovered that ImageMagick did not properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker could exploit this flaw to generate output files containing the contents of arbitrary files by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick.
Stefan Cornelius 2016-05-05 08:36:47 UTC Flags needinfo?(scorneli)
Stefan Cornelius 2016-05-05 11:33:51 UTC Whiteboard impact=important,public=20160503,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new impact=important,public=20160503,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new
Martin Prpič 2016-05-05 12:38:42 UTC Doc Text It was discovered that ImageMagick did not properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker could exploit this flaw to generate output files containing the contents of arbitrary files by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files.
Norman Sardella 2016-05-06 13:21:12 UTC CC sardella
Peter Bex 2016-05-07 13:47:22 UTC CC airhead
Stefan Cornelius 2016-06-02 12:59:31 UTC Status NEW CLOSED
Resolution --- ERRATA
Whiteboard impact=important,public=20160503,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new impact=important,public=20160503,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected
Last Closed 2016-06-02 08:59:31 UTC
Product Security DevOps Team 2019-09-29 13:48:22 UTC Whiteboard impact=important,public=20160503,reported=20160502,source=researcher,cvss2=7.1/AV:N/AC:M/Au:N/C:C/I:N/A:N,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected

Back to bug 1332505