Description
Security update for gd
This update for gd fixes the following security issues:
- CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption. (bsc#1022265)
Package list
SUSE Linux Enterprise Server 11 SP4
gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Software Development Kit 11 SP4
gd-devel-2.0.36.RC1-52.32.1
References
- Link for SUSE-SU-2017:0459-1
- E-Mail link for SUSE-SU-2017:0459-1
- SUSE Security Ratings
- SUSE Bug 1022264
- SUSE Bug 1022265
- SUSE Bug 1022283
- SUSE CVE CVE-2016-10167 page
- SUSE CVE CVE-2016-10168 page
- SUSE CVE CVE-2016-9317 page
Description
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Affected products
SUSE Linux Enterprise Server 11 SP4:gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Software Development Kit 11 SP4:gd-devel-2.0.36.RC1-52.32.1
References
- CVE-2016-10167
- SUSE Bug 1022069
- SUSE Bug 1022264
Description
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
Affected products
SUSE Linux Enterprise Server 11 SP4:gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Software Development Kit 11 SP4:gd-devel-2.0.36.RC1-52.32.1
References
- CVE-2016-10168
- SUSE Bug 1022069
- SUSE Bug 1022265
Description
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
Affected products
SUSE Linux Enterprise Server 11 SP4:gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Software Development Kit 11 SP4:gd-devel-2.0.36.RC1-52.32.1
References
- CVE-2016-9317
- SUSE Bug 1022283