Engine Yard incident

ImageMagick vulnerability CVE-2016-3714

Minor Resolved View vendor source →

Engine Yard experienced a minor incident on May 4, 2016, lasting 106d 1h. The incident has been resolved; the full update timeline is below.

Started
May 04, 2016, 03:16 PM UTC
Resolved
Aug 18, 2016, 04:39 PM UTC
Duration
106d 1h
Detected by Pingoru
May 04, 2016, 03:16 PM UTC

Update timeline

  1. investigating May 04, 2016, 03:16 PM UTC

    ImageMagick vulnerability CVE-2016-3714 announced. There is currently no patch available. However, you can protect your application by following the steps listed at: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&p=132726&sid=6b961f8b680a0c18189de528bd53504a#p132726 We will continue to monitor the situation as it develops.

  2. investigating Jun 08, 2016, 03:16 PM UTC

    We are tracking CVE-2016-5118 and CVE-2016-3714 together. We will update this status page when a fix is released.

  3. investigating Jun 30, 2016, 04:52 PM UTC

    New packages for CVE-2016-5118 have been released.

  4. resolved Aug 18, 2016, 04:39 PM UTC

    We have released =media-gfx/imagemagick-6.7.8.7-r2 and =media-gfx/imagemagick-6.9.0.3-r2 for our Stable V4 stack to resolve both cve vulnerabilities.