Bug 983539 (CVE-2016-5239) - VUL-1: CVE-2016-5239: ImageMagick, GraphicsMagick: Gnuplot delegate vulnerability allowing command injection
Status: RESOLVED FIXED
Alias: CVE-2016-5239
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Target Milestone: ---
Assignee: Petr Gajdos
QA Contact: Security Team bot
Whiteboard: CVSSv2:RedHat:CVE-2016-5239:5.1:(AV:...
Reported: 2016-06-07 15:37 UTC by Marcus Meissner
Modified: 2016-06-23 13:07 UTC

Description Marcus Meissner 2016-06-07 15:37:21 UTC
via oss-sec

> 3) ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing
> command injection
> http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16

Use CVE-2016-5239
Comment 1 Marcus Meissner 2016-06-07 15:38:55 UTC
The patch just removes the gnuplot delegate.
Comment 2 Swamp Workflow Management 2016-06-07 22:01:42 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-06-09 09:37:16 UTC
This is already part of
GraphicsMagick-upstream-delegates-safer.patch
and
ImageMagick-6.8.8-1-disable-insecure-coders.patch
ImageMagick-remove-vulnerable-setting.patch
Comment 4 Petr Gajdos 2016-06-23 13:07:02 UTC
I believe all is fixed.