SUSE-SU-2019:13961-1

Опубликовано: 14 фев. 2019

Источник: suse-cvrf

Описание

Security update for php53

This update for php53 fixes the following issues:

Security issues fixed:

CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354).
CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).

Список пакетов

SUSE Linux Enterprise Server 11 SP4

apache2-mod_php53-5.3.17-112.53.1

php53-5.3.17-112.53.1

php53-bcmath-5.3.17-112.53.1

php53-bz2-5.3.17-112.53.1

php53-calendar-5.3.17-112.53.1

php53-ctype-5.3.17-112.53.1

php53-curl-5.3.17-112.53.1

php53-dba-5.3.17-112.53.1

php53-dom-5.3.17-112.53.1

php53-exif-5.3.17-112.53.1

php53-fastcgi-5.3.17-112.53.1

php53-fileinfo-5.3.17-112.53.1

php53-ftp-5.3.17-112.53.1

php53-gd-5.3.17-112.53.1

php53-gettext-5.3.17-112.53.1

php53-gmp-5.3.17-112.53.1

php53-iconv-5.3.17-112.53.1

php53-intl-5.3.17-112.53.1

php53-json-5.3.17-112.53.1

php53-ldap-5.3.17-112.53.1

php53-mbstring-5.3.17-112.53.1

php53-mcrypt-5.3.17-112.53.1

php53-mysql-5.3.17-112.53.1

php53-odbc-5.3.17-112.53.1

php53-openssl-5.3.17-112.53.1

php53-pcntl-5.3.17-112.53.1

php53-pdo-5.3.17-112.53.1

php53-pear-5.3.17-112.53.1

php53-pgsql-5.3.17-112.53.1

php53-pspell-5.3.17-112.53.1

php53-shmop-5.3.17-112.53.1

php53-snmp-5.3.17-112.53.1

php53-soap-5.3.17-112.53.1

php53-suhosin-5.3.17-112.53.1

php53-sysvmsg-5.3.17-112.53.1

php53-sysvsem-5.3.17-112.53.1

php53-sysvshm-5.3.17-112.53.1

php53-tokenizer-5.3.17-112.53.1

php53-wddx-5.3.17-112.53.1

php53-xmlreader-5.3.17-112.53.1

php53-xmlrpc-5.3.17-112.53.1

php53-xmlwriter-5.3.17-112.53.1

php53-xsl-5.3.17-112.53.1

php53-zip-5.3.17-112.53.1

php53-zlib-5.3.17-112.53.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

apache2-mod_php53-5.3.17-112.53.1

php53-5.3.17-112.53.1

php53-bcmath-5.3.17-112.53.1

php53-bz2-5.3.17-112.53.1

php53-calendar-5.3.17-112.53.1

php53-ctype-5.3.17-112.53.1

php53-curl-5.3.17-112.53.1

php53-dba-5.3.17-112.53.1

php53-dom-5.3.17-112.53.1

php53-exif-5.3.17-112.53.1

php53-fastcgi-5.3.17-112.53.1

php53-fileinfo-5.3.17-112.53.1

php53-ftp-5.3.17-112.53.1

php53-gd-5.3.17-112.53.1

php53-gettext-5.3.17-112.53.1

php53-gmp-5.3.17-112.53.1

php53-iconv-5.3.17-112.53.1

php53-intl-5.3.17-112.53.1

php53-json-5.3.17-112.53.1

php53-ldap-5.3.17-112.53.1

php53-mbstring-5.3.17-112.53.1

php53-mcrypt-5.3.17-112.53.1

php53-mysql-5.3.17-112.53.1

php53-odbc-5.3.17-112.53.1

php53-openssl-5.3.17-112.53.1

php53-pcntl-5.3.17-112.53.1

php53-pdo-5.3.17-112.53.1

php53-pear-5.3.17-112.53.1

php53-pgsql-5.3.17-112.53.1

php53-pspell-5.3.17-112.53.1

php53-shmop-5.3.17-112.53.1

php53-snmp-5.3.17-112.53.1

php53-soap-5.3.17-112.53.1

php53-suhosin-5.3.17-112.53.1

php53-sysvmsg-5.3.17-112.53.1

php53-sysvsem-5.3.17-112.53.1

php53-sysvshm-5.3.17-112.53.1

php53-tokenizer-5.3.17-112.53.1

php53-wddx-5.3.17-112.53.1

php53-xmlreader-5.3.17-112.53.1

php53-xmlrpc-5.3.17-112.53.1

php53-xmlwriter-5.3.17-112.53.1

php53-xsl-5.3.17-112.53.1

php53-zip-5.3.17-112.53.1

php53-zlib-5.3.17-112.53.1

SUSE Linux Enterprise Software Development Kit 11 SP4

php53-devel-5.3.17-112.53.1

php53-imap-5.3.17-112.53.1

php53-posix-5.3.17-112.53.1

php53-readline-5.3.17-112.53.1

php53-sockets-5.3.17-112.53.1

php53-sqlite-5.3.17-112.53.1

php53-tidy-5.3.17-112.53.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-201913961-1/
Link for SUSE-SU-2019:13961-1
https://lists.suse.com/pipermail/sle-security-updates/2019-February/005123.html
E-Mail link for SUSE-SU-2019:13961-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1123354
SUSE Bug 1123354
https://bugzilla.suse.com/1123522
SUSE Bug 1123522
https://www.suse.com/security/cve/CVE-2019-6977/
SUSE CVE CVE-2019-6977 page
https://www.suse.com/security/cve/CVE-2019-6978/
SUSE CVE CVE-2019-6978 page

Описание

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-112.53.1

SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-112.53.1

SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-112.53.1

SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-112.53.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-6977.html
CVE-2019-6977
https://bugzilla.suse.com/1123354
SUSE Bug 1123354
https://bugzilla.suse.com/1123361
SUSE Bug 1123361

Описание

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-112.53.1

SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-112.53.1

SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-112.53.1

SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-112.53.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-6978.html
CVE-2019-6978
https://bugzilla.suse.com/1123522
SUSE Bug 1123522

SUSE-SU-2019:13961-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2019-6977

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-6978

Описание

Затронутые продукты

Ссылки