Описание
Security update for gd
This update for gd fixes the following issues:
- CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187]
Список пакетов
SUSE Linux Enterprise Server 11 SP4
gd-2.0.36.RC1-52.29.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gd-2.0.36.RC1-52.29.1
SUSE Linux Enterprise Software Development Kit 11 SP4
gd-devel-2.0.36.RC1-52.29.1
Ссылки
- Link for SUSE-SU-2016:3251-1
- E-Mail link for SUSE-SU-2016:3251-1
- SUSE Security Ratings
- SUSE Bug 1015187
- SUSE CVE CVE-2016-9933 page
Описание
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:gd-2.0.36.RC1-52.29.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:gd-2.0.36.RC1-52.29.1
SUSE Linux Enterprise Software Development Kit 11 SP4:gd-devel-2.0.36.RC1-52.29.1
Ссылки
- CVE-2016-9933
- SUSE Bug 1015187