Описание
Security update for gd
This update for gd fixes the following issues:
Security issue fixed:
- CVE-2018-14553: Fixed a null pointer dereference in gdImageClone (bsc#1165471).
- CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120).
Список пакетов
Image SLES15-SAP-Azure
libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libgd3-2.2.5-4.14.1
Image SLES15-SAP-EC2-HVM
libgd3-2.2.5-4.14.1
Image SLES15-SAP-EC2-HVM-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SAP-GCE
libgd3-2.2.5-4.14.1
Image SLES15-SAP-GCE-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SAP-OCI-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
libgd3-2.2.5-4.14.1
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-Azure
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-Azure-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-EC2-HVM
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-GCE
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-GCE-BYOS
libgd3-2.2.5-4.14.1
Image SLES15-SP1-SAP-OCI-BYOS
libgd3-2.2.5-4.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libgd3-2.2.5-4.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
gd-2.2.5-4.14.1
gd-devel-2.2.5-4.14.1
Ссылки
- Link for SUSE-SU-2020:0594-1
- E-Mail link for SUSE-SU-2020:0594-1
- SUSE Security Ratings
- SUSE Bug 1140120
- SUSE Bug 1165471
- SUSE CVE CVE-2018-14553 page
- SUSE CVE CVE-2019-11038 page
Описание
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure:libgd3-2.2.5-4.14.1
Ссылки
- CVE-2018-14553
- SUSE Bug 1165471
Описание
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libgd3-2.2.5-4.14.1
Image SLES15-SAP-Azure:libgd3-2.2.5-4.14.1
Ссылки
- CVE-2019-11038
- SUSE Bug 1140118
- SUSE Bug 1140120