Bug 983539 (CVE-2016-5239)

Summary: VUL-1: CVE-2016-5239: ImageMagick, GraphicsMagick: Gnuplot delegate vulnerability allowing command injection
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Petr Gajdos <pgajdos>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:RedHat:CVE-2016-5239:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-5239:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Description Marcus Meissner 2016-06-07 15:37:21 UTC
via oss-sec

> 3) ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing
> command injection
> http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16

Use CVE-2016-5239
Comment 1 Marcus Meissner 2016-06-07 15:38:55 UTC
Patch just removes gnuplot delegate.
Comment 2 Swamp Workflow Management 2016-06-07 22:01:42 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-06-09 09:37:16 UTC
This is already part of
GraphicsMagick-upstream-delegates-safer.patch
and
ImageMagick-6.8.8-1-disable-insecure-coders.patch
ImageMagick-remove-vulnerable-setting.patch
Comment 4 Petr Gajdos 2016-06-23 13:07:02 UTC
I believe all fixed.