Description
Security update for gd
This update for gd fixes one issue.
This security issue was fixed:
- CVE-2018-5711: Prevent integer signedness error that could have led to an infinite loop via a crafted GIF file, allowing for DoS (bsc#1076391)
Package list
SUSE Linux Enterprise Desktop 12 SP2
gd-2.1.0-24.6.1
gd-32bit-2.1.0-24.6.1
SUSE Linux Enterprise Desktop 12 SP3
gd-2.1.0-24.6.1
gd-32bit-2.1.0-24.6.1
SUSE Linux Enterprise Server 12 SP2
gd-2.1.0-24.6.1
SUSE Linux Enterprise Server 12 SP3
gd-2.1.0-24.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
gd-2.1.0-24.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gd-2.1.0-24.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
gd-2.1.0-24.6.1
SUSE Linux Enterprise Software Development Kit 12 SP2
gd-devel-2.1.0-24.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3
gd-devel-2.1.0-24.6.1
SUSE Linux Enterprise Workstation Extension 12 SP2
gd-32bit-2.1.0-24.6.1
SUSE Linux Enterprise Workstation Extension 12 SP3
gd-32bit-2.1.0-24.6.1
References
- Link for SUSE-SU-2018:0260-1
- E-Mail link for SUSE-SU-2018:0260-1
- SUSE Security Ratings
- SUSE Bug 1076391
- SUSE CVE CVE-2018-5711 page
Description
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
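The bug class named above, as an added illustration (not libgd or PHP code; `read_block`, `drain_unsigned`, `drain_signed`, `MAX_ITER` and the sample bytes are constructed for this example): when a reader's -1 error return is stored in an unsigned byte, a `<= 0` end-of-data check can never see the error, so a loop that depends on it does not end on input that lacks a terminator. The signed variant shows the corrected type.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_ITER 1000  /* demo guard so the buggy loop returns */

/* Constructed inputs: one 2-byte sub-block; the first lacks its 0x00 terminator. */
static const unsigned char TRUNCATED[]   = {0x02, 0xAA, 0xBB};
static const unsigned char WELL_FORMED[] = {0x02, 0xAA, 0xBB, 0x00};

typedef struct { const unsigned char *p; size_t left; } src_t;

/* Hypothetical reader: block length, 0 for a terminator, -1 on error. */
static int read_block(src_t *s)
{
    if (s->left == 0) return -1;                   /* input exhausted */
    unsigned char len = *s->p++; s->left--;
    if (len > s->left) { s->left = 0; return -1; } /* short block */
    s->p += len; s->left -= len;
    return len;
}

/* Before: -1 stored in an unsigned byte becomes 255, so the
 * "<= 0" test only fires on a real terminator block.
 * Returns iterations used, or -1 if the demo guard tripped. */
static int drain_unsigned(const unsigned char *buf, size_t n)
{
    src_t s = {buf, n};
    for (int i = 1; i <= MAX_ITER; i++) {
        unsigned char count = (unsigned char)read_block(&s);
        if (count <= 0) return i;
    }
    return -1;
}

/* After: a signed int keeps the error value, so the loop ends. */
static int drain_signed(const unsigned char *buf, size_t n)
{
    src_t s = {buf, n};
    for (int i = 1; i <= MAX_ITER; i++) {
        int count = read_block(&s);
        if (count <= 0) return i;
    }
    return -1;
}

int main(void)
{
    printf("unsigned: %d, signed: %d\n",
           drain_unsigned(TRUNCATED, sizeof TRUNCATED),
           drain_signed(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

Without the `MAX_ITER` guard, `drain_unsigned` would spin indefinitely on the truncated sample, which is the denial-of-service condition the advisory describes.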
Affected products
SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-24.6.1
SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-24.6.1
SUSE Linux Enterprise Desktop 12 SP3:gd-2.1.0-24.6.1
SUSE Linux Enterprise Desktop 12 SP3:gd-32bit-2.1.0-24.6.1
References
- CVE-2018-5711
- SUSE Bug 1076391