ImageMagick Security Issue: CVE-2016-3714
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| imagemagick (Debian) | Fix Released | Unknown | | |
| imagemagick (Ubuntu) | Fix Released | Medium | Seth Arnold | |
| Precise | Fix Released | Medium | Seth Arnold | |
| Trusty | Fix Released | Medium | Seth Arnold | |
| Wily | Fix Released | Medium | Seth Arnold | |
| Xenial | Fix Released | Medium | Seth Arnold | |
| Yakkety | Fix Released | Medium | Seth Arnold | |

Bug Description
Imagemagick Announce on Discourse: https:/
https:/
It would be great if this can be fixed quickly, to keep Ubuntu users safe.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: imagemagick 8:6.8.9.9-7ubuntu5
ProcVersionSign
Uname: Linux 4.4.0-21-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CurrentDesktop: KDE
Date: Wed May 4 14:28:39 2016
InstallationDate: Installed on 2015-08-11 (267 days ago)
InstallationMedia: It
SourcePackage: imagemagick
UpgradeStatus: Upgraded to xenial on 2016-03-27 (38 days ago)
information type: | Private Security → Public Security |
Changed in imagemagick (Ubuntu Precise): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in imagemagick (Ubuntu Trusty): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in imagemagick (Ubuntu Wily): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in imagemagick (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in imagemagick (Ubuntu Yakkety): | |
status: | New → Confirmed |
Changed in imagemagick (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in imagemagick (Ubuntu Yakkety): | |
importance: | Undecided → Medium |
Changed in imagemagick (Ubuntu Precise): | |
assignee: | nobody → Seth Arnold (seth-arnold) |
Changed in imagemagick (Ubuntu Trusty): | |
assignee: | nobody → Seth Arnold (seth-arnold) |
Changed in imagemagick (Ubuntu Wily): | |
assignee: | nobody → Seth Arnold (seth-arnold) |
Changed in imagemagick (Ubuntu Xenial): | |
assignee: | nobody → Seth Arnold (seth-arnold) |
Changed in imagemagick (Ubuntu Yakkety): | |
assignee: | nobody → Seth Arnold (seth-arnold) |
Changed in imagemagick (Debian): | |
status: | Unknown → Fix Released |
It's a little unclear how this only warrants a severity of "medium" given that it is a full remote code execution exploit with actual weaponized code in the wild.