Description
Security update for gd
This update for gd fixes the following security issues:
- CVE-2016-6906: An out-of-bounds read in TGA decompression, which could have led to crashes, was fixed. (bsc#1022553)
- CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) allowed remote attackers to have unspecified impact via large width and height values. (bsc#1022284)
- CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library (aka libgd). (bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption. (bsc#1022265)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
References
- Link for SUSE-SU-2017:0468-1
- E-Mail link for SUSE-SU-2017:0468-1
- SUSE Security Ratings
- SUSE Bug 1022263
- SUSE Bug 1022264
- SUSE Bug 1022265
- SUSE Bug 1022283
- SUSE Bug 1022284
- SUSE Bug 1022553
- SUSE CVE CVE-2016-10166 page
- SUSE CVE CVE-2016-10167 page
- SUSE CVE CVE-2016-10168 page
- SUSE CVE CVE-2016-6906 page
- SUSE CVE CVE-2016-6912 page
- SUSE CVE CVE-2016-9317 page
Description
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
Affected products
References
- CVE-2016-10166
- SUSE Bug 1022069
- SUSE Bug 1022263
Description
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Affected products
References
- CVE-2016-10167
- SUSE Bug 1022069
- SUSE Bug 1022264
Description
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
Affected products
References
- CVE-2016-10168
- SUSE Bug 1022069
- SUSE Bug 1022265
Description
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
Affected products
References
- CVE-2016-6906
- SUSE Bug 1022553
Description
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Affected products
References
- CVE-2016-6912
- SUSE Bug 1022284
Description
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
Affected products
References
- CVE-2016-9317
- SUSE Bug 1022283