exploitDog

SUSE-SU-2019:0449-1

Published: 20 Feb 2019
Source: suse-cvrf

Description

Security update for php5

This update for php5 fixes the following issues:

Security vulnerability fixed:

  • CVE-2019-6977: Fixed a heap buffer overflow in gdImageColorMatch in gd_color_match.c (bsc#1123354)

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-109.48.1
php5-5.5.14-109.48.1
php5-bcmath-5.5.14-109.48.1
php5-bz2-5.5.14-109.48.1
php5-calendar-5.5.14-109.48.1
php5-ctype-5.5.14-109.48.1
php5-curl-5.5.14-109.48.1
php5-dba-5.5.14-109.48.1
php5-dom-5.5.14-109.48.1
php5-enchant-5.5.14-109.48.1
php5-exif-5.5.14-109.48.1
php5-fastcgi-5.5.14-109.48.1
php5-fileinfo-5.5.14-109.48.1
php5-fpm-5.5.14-109.48.1
php5-ftp-5.5.14-109.48.1
php5-gd-5.5.14-109.48.1
php5-gettext-5.5.14-109.48.1
php5-gmp-5.5.14-109.48.1
php5-iconv-5.5.14-109.48.1
php5-imap-5.5.14-109.48.1
php5-intl-5.5.14-109.48.1
php5-json-5.5.14-109.48.1
php5-ldap-5.5.14-109.48.1
php5-mbstring-5.5.14-109.48.1
php5-mcrypt-5.5.14-109.48.1
php5-mysql-5.5.14-109.48.1
php5-odbc-5.5.14-109.48.1
php5-opcache-5.5.14-109.48.1
php5-openssl-5.5.14-109.48.1
php5-pcntl-5.5.14-109.48.1
php5-pdo-5.5.14-109.48.1
php5-pear-5.5.14-109.48.1
php5-pgsql-5.5.14-109.48.1
php5-phar-5.5.14-109.48.1
php5-posix-5.5.14-109.48.1
php5-pspell-5.5.14-109.48.1
php5-shmop-5.5.14-109.48.1
php5-snmp-5.5.14-109.48.1
php5-soap-5.5.14-109.48.1
php5-sockets-5.5.14-109.48.1
php5-sqlite-5.5.14-109.48.1
php5-suhosin-5.5.14-109.48.1
php5-sysvmsg-5.5.14-109.48.1
php5-sysvsem-5.5.14-109.48.1
php5-sysvshm-5.5.14-109.48.1
php5-tokenizer-5.5.14-109.48.1
php5-wddx-5.5.14-109.48.1
php5-xmlreader-5.5.14-109.48.1
php5-xmlrpc-5.5.14-109.48.1
php5-xmlwriter-5.5.14-109.48.1
php5-xsl-5.5.14-109.48.1
php5-zip-5.5.14-109.48.1
php5-zlib-5.5.14-109.48.1
SUSE Linux Enterprise Software Development Kit 12 SP3
php5-devel-5.5.14-109.48.1
SUSE Linux Enterprise Software Development Kit 12 SP4
php5-devel-5.5.14-109.48.1

Description

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.48.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.48.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.48.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.48.1

References
Vulnerability SUSE-SU-2019:0449-1