SUSE-SU-2018:0235-1

Published: 26 Jan 2018
Source: suse-cvrf

Description

Security update for gd

This update for gd fixes several issues.

This security issue was fixed:

  • CVE-2018-5711: Prevent an integer signedness error that could have led to an infinite loop via a crafted GIF file, allowing for DoS (bsc#1076391)

This non-security issue was fixed:

  • Fixed gd2togif error message (bsc#1025223)

Package list

SUSE Linux Enterprise Server 11 SP4
gd-2.0.36.RC1-52.33.5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
gd-2.0.36.RC1-52.33.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4
gd-devel-2.0.36.RC1-52.33.5.1

Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.


Affected products
SUSE Linux Enterprise Server 11 SP4:gd-2.0.36.RC1-52.33.5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:gd-2.0.36.RC1-52.33.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4:gd-devel-2.0.36.RC1-52.33.5.1
