Описание
Security update for gd
This update for gd fixes the following issues:
Security issues fixed:
- CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361).
- CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
Список пакетов
Image SLES15-SAP-Azure
libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libgd3-2.2.5-4.6.1
Image SLES15-SAP-EC2-HVM
libgd3-2.2.5-4.6.1
Image SLES15-SAP-EC2-HVM-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SAP-GCE
libgd3-2.2.5-4.6.1
Image SLES15-SAP-GCE-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SAP-OCI-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
libgd3-2.2.5-4.6.1
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-Azure
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-Azure-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-EC2-HVM
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-GCE
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-GCE-BYOS
libgd3-2.2.5-4.6.1
Image SLES15-SP1-SAP-OCI-BYOS
libgd3-2.2.5-4.6.1
SUSE Linux Enterprise Module for Basesystem 15
libgd3-2.2.5-4.6.1
SUSE Linux Enterprise Module for Desktop Applications 15
gd-2.2.5-4.6.1
gd-devel-2.2.5-4.6.1
Ссылки
- Link for SUSE-SU-2019:0771-1
- E-Mail link for SUSE-SU-2019:0771-1
- SUSE Security Ratings
- SUSE Bug 1123361
- SUSE Bug 1123522
- SUSE CVE CVE-2019-6977 page
- SUSE CVE CVE-2019-6978 page
Описание
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure:libgd3-2.2.5-4.6.1
Ссылки
- CVE-2019-6977
- SUSE Bug 1123354
- SUSE Bug 1123361
Описание
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libgd3-2.2.5-4.6.1
Image SLES15-SAP-Azure:libgd3-2.2.5-4.6.1
Ссылки
- CVE-2019-6978
- SUSE Bug 1123522