Описание
Security update for gd
This update for gd fixes the following issues:
Security issues fixed:
- CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361).
- CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-EC2-HVM
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-GCE
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-GCE-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-OCI-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP5-Azure-SAP-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP5-Azure-SAP-On-Demand
gd-2.1.0-24.12.1
Image SLES12-SP5-EC2-SAP-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP5-EC2-SAP-On-Demand
gd-2.1.0-24.12.1
Image SLES12-SP5-GCE-SAP-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP5-GCE-SAP-On-Demand
gd-2.1.0-24.12.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
gd-2.1.0-24.12.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
gd-2.1.0-24.12.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
gd-2.1.0-24.12.1
SUSE Linux Enterprise Desktop 12 SP3
gd-2.1.0-24.12.1
gd-32bit-2.1.0-24.12.1
SUSE Linux Enterprise Desktop 12 SP4
gd-2.1.0-24.12.1
gd-32bit-2.1.0-24.12.1
SUSE Linux Enterprise Server 12 SP3
gd-2.1.0-24.12.1
SUSE Linux Enterprise Server 12 SP4
gd-2.1.0-24.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
gd-2.1.0-24.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
gd-2.1.0-24.12.1
SUSE Linux Enterprise Software Development Kit 12 SP3
gd-devel-2.1.0-24.12.1
SUSE Linux Enterprise Software Development Kit 12 SP4
gd-devel-2.1.0-24.12.1
SUSE Linux Enterprise Workstation Extension 12 SP3
gd-32bit-2.1.0-24.12.1
SUSE Linux Enterprise Workstation Extension 12 SP4
gd-32bit-2.1.0-24.12.1
Ссылки
- Link for SUSE-SU-2019:0747-1
- E-Mail link for SUSE-SU-2019:0747-1
- SUSE Security Ratings
- SUSE Bug 1123361
- SUSE Bug 1123522
- SUSE CVE CVE-2019-6977 page
- SUSE CVE CVE-2019-6978 page
Описание
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-BYOS:gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:gd-2.1.0-24.12.1
Ссылки
- CVE-2019-6977
- SUSE Bug 1123354
- SUSE Bug 1123361
Описание
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-BYOS:gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gd-2.1.0-24.12.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:gd-2.1.0-24.12.1
Ссылки
- CVE-2019-6978
- SUSE Bug 1123522