openSUSE-SU-2017:0006-1

Опубликовано: 02 янв. 2017

Источник: suse-cvrf

Описание

Security update for gd

This update for gd fixes the following issues:

CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187]

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

gd-2.1.0-13.1

gd-32bit-2.1.0-13.1

gd-devel-2.1.0-13.1

openSUSE Leap 42.2

gd-2.1.0-13.1

gd-32bit-2.1.0-13.1

gd-devel-2.1.0-13.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
E-Mail link for openSUSE-SU-2017:0006-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Затронутые продукты

openSUSE Leap 42.1:gd-2.1.0-13.1

openSUSE Leap 42.1:gd-32bit-2.1.0-13.1

openSUSE Leap 42.1:gd-devel-2.1.0-13.1

openSUSE Leap 42.2:gd-2.1.0-13.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9933.html
CVE-2016-9933
https://bugzilla.suse.com/1015187
SUSE Bug 1015187

openSUSE-SU-2017:0006-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-9933

Описание

Затронутые продукты

Ссылки