openSUSE-SU-2018:0316-1

Опубликовано: 31 янв. 2018

Источник: suse-cvrf

Описание

Security update for gd

This update for gd fixes one issues.

This security issue was fixed:

CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

gd-2.1.0-24.1

gd-32bit-2.1.0-24.1

gd-devel-2.1.0-24.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-01/msg00114.html
E-Mail link for openSUSE-SU-2018:0316-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Затронутые продукты

openSUSE Leap 42.3:gd-2.1.0-24.1

openSUSE Leap 42.3:gd-32bit-2.1.0-24.1

openSUSE Leap 42.3:gd-devel-2.1.0-24.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-5711.html
CVE-2018-5711
https://bugzilla.suse.com/1076391
SUSE Bug 1076391

openSUSE-SU-2018:0316-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-5711

Описание

Затронутые продукты

Ссылки