Описание
Security update for gd
This update for gd fixes the following issues:
Security issues fixed:
- CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361).
- CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
gd-2.2.5-lp150.8.1
gd-devel-2.2.5-lp150.8.1
libgd3-2.2.5-lp150.8.1
libgd3-32bit-2.2.5-lp150.8.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1148-1
- SUSE Security Ratings
- SUSE Bug 1123361
- SUSE Bug 1123522
- SUSE CVE CVE-2019-6977 page
- SUSE CVE CVE-2019-6978 page
Описание
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
Затронутые продукты
openSUSE Leap 15.0:gd-2.2.5-lp150.8.1
openSUSE Leap 15.0:gd-devel-2.2.5-lp150.8.1
openSUSE Leap 15.0:libgd3-2.2.5-lp150.8.1
openSUSE Leap 15.0:libgd3-32bit-2.2.5-lp150.8.1
Ссылки
- CVE-2019-6977
- SUSE Bug 1123354
- SUSE Bug 1123361
Описание
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
Затронутые продукты
openSUSE Leap 15.0:gd-2.2.5-lp150.8.1
openSUSE Leap 15.0:gd-devel-2.2.5-lp150.8.1
openSUSE Leap 15.0:libgd3-2.2.5-lp150.8.1
openSUSE Leap 15.0:libgd3-32bit-2.2.5-lp150.8.1
Ссылки
- CVE-2019-6978
- SUSE Bug 1123522