Описание
Security update for gd
This update for gd fixes the following issues:
- CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187]
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
gd-2.1.0-20.1
gd-32bit-2.1.0-20.1
SUSE Linux Enterprise Desktop 12 SP2
gd-2.1.0-20.1
gd-32bit-2.1.0-20.1
SUSE Linux Enterprise Server 12 SP1
gd-2.1.0-20.1
SUSE Linux Enterprise Server 12 SP2
gd-2.1.0-20.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
gd-2.1.0-20.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
gd-2.1.0-20.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gd-2.1.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1
gd-devel-2.1.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP2
gd-devel-2.1.0-20.1
SUSE Linux Enterprise Workstation Extension 12 SP1
gd-32bit-2.1.0-20.1
SUSE Linux Enterprise Workstation Extension 12 SP2
gd-32bit-2.1.0-20.1
Ссылки
- Link for SUSE-SU-2016:3211-1
- E-Mail link for SUSE-SU-2016:3211-1
- SUSE Security Ratings
- SUSE Bug 1015187
- SUSE CVE CVE-2016-9933 page
Описание
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-20.1
SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-20.1
SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-20.1
SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-20.1
Ссылки
- CVE-2016-9933
- SUSE Bug 1015187