SUSE-SU-2015:0835-1

Published: 24 Mar 2015
Source: suse-cvrf

Description

Security update for gd

The graphics drawing library gd has been updated to fix one security issue:

* possible buffer read overflow (CVE-2014-9709)

Security Issues:

* CVE-2014-9709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709>

Package list

SUSE Linux Enterprise Desktop 11 SP3
gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server 11 SP3
gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Software Development Kit 11 SP3
gd-devel-2.0.36.RC1-52.20.1

Description

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server 11 SP3:gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:gd-2.0.36.RC1-52.20.1

References