[Bug 2210663] New: CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
12:44 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
Bug ID: 2210663
Summary: CVE-2023-34153 ImageMagick: Shell command injection
vulnerability via video:vsync or video:pixel-format
options in VIDEO encoding/decoding [fedora-38]
Product: Fedora
Version: 38
Status: NEW
Component: ImageMagick
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: luya_tfz(a)thefinalzone.net
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: blaise(a)gmail.com, davide(a)cavalca.name,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
pampelmuse(a)gmx.at, sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2210660
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
12:44 a.m.
New subject: [Bug 2210663] CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
--- Comment #1 from Sandipan Roy <saroy(a)redhat.com> ---
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
=====
# bugfix, security, enhancement, newpackage (required)
type=security
# low, medium, high, urgent (required)
severity=high
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=2210660,2210663
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this marked as stable
close_bugs=True
# Suggest that users restart after update
suggest_reboot=False
======
Additionally, you may opt to use the bodhi web interface to submit updates:
https://bodhi.fedoraproject.org/updates/new
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
12:44 a.m.
New subject: [Bug 2210663] CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
Sandipan Roy <saroy(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2210660 (CVE-2023-34153)
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2210660
[Bug 2210660] CVE-2023-34153 ImageMagick: Shell command injection vulnerability
via video:vsync or video:pixel-format options in VIDEO encoding/decoding
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
9:30 a.m.
New subject: [Bug 2210663] CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |MODIFIED
--- Comment #2 from Fedora Update System <updates(a)fedoraproject.org> ---
FEDORA-2023-347adb2ea0 has been submitted as an update to Fedora 38.
https://bodhi.fedoraproject.org/updates/FEDORA-2023-347adb2ea0
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
8:11 p.m.
New subject: [Bug 2210663] CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |ON_QA
--- Comment #3 from Fedora Update System <updates(a)fedoraproject.org> ---
FEDORA-2023-347adb2ea0 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh
--advisory=FEDORA-2023-347adb2ea0`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2023-347adb2ea0
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
9:50 p.m.
New subject: [Bug 2210663] CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
--- Comment #4 from Fedora Update System <updates(a)fedoraproject.org> ---
FEDORA-2023-d53831b69d has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh
--advisory=FEDORA-2023-d53831b69d`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2023-d53831b69d
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
9:44 p.m.
New subject: [Bug 2210663] CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version| |ImageMagick-7.1.1.11-1.fc38
Resolution|--- |ERRATA
Status|ON_QA |CLOSED
Last Closed| |2023-06-03 02:44:42
--- Comment #5 from Fedora Update System <updates(a)fedoraproject.org> ---
FEDORA-2023-d53831b69d has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210663
358
days inactive
363
days old
epel-packagers-sig@lists.fedoraproject.org
6 comments
1 participants
participants (1)
-
bugzilla@redhat.com