Security update for gd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3228-1 Final 1 1 2016-12-22T10:01:30Z current 2016-12-22T10:01:30Z 2016-12-22T10:01:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gd This security update for gd fixes the following issues: - a call to gdImageFillToBorder() could cause a stack overflow leading to stack exhaustion when the image used was not truecolor (CVE-2016-9933 ,boo#1015187) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html E-Mail link for openSUSE-SU-2016:3228-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 gd-2.1.0-7.22.1 gd-debuginfo-2.1.0-7.22.1 gd-debugsource-2.1.0-7.22.1 gd-devel-2.1.0-7.22.1 libgd3-2.1.0-7.22.1 libgd3-32bit-2.1.0-7.22.1 libgd3-debuginfo-2.1.0-7.22.1 libgd3-debuginfo-32bit-2.1.0-7.22.1 gd-2.1.0-7.22.1 as a component of openSUSE 13.2 gd-debuginfo-2.1.0-7.22.1 as a component of openSUSE 13.2 gd-debugsource-2.1.0-7.22.1 as a component of openSUSE 13.2 gd-devel-2.1.0-7.22.1 as a component of openSUSE 13.2 libgd3-2.1.0-7.22.1 as a component of openSUSE 13.2 libgd3-32bit-2.1.0-7.22.1 as a component of openSUSE 13.2 libgd3-debuginfo-2.1.0-7.22.1 as a component of openSUSE 13.2 libgd3-debuginfo-32bit-2.1.0-7.22.1 as a component of openSUSE 13.2 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. CVE-2016-9933 openSUSE 13.2:gd-2.1.0-7.22.1 openSUSE 13.2:gd-debuginfo-2.1.0-7.22.1 openSUSE 13.2:gd-debugsource-2.1.0-7.22.1 openSUSE 13.2:gd-devel-2.1.0-7.22.1 openSUSE 13.2:libgd3-2.1.0-7.22.1 openSUSE 13.2:libgd3-32bit-2.1.0-7.22.1 openSUSE 13.2:libgd3-debuginfo-2.1.0-7.22.1 openSUSE 13.2:libgd3-debuginfo-32bit-2.1.0-7.22.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html https://www.suse.com/security/cve/CVE-2016-9933.html CVE-2016-9933 https://bugzilla.suse.com/1015187 SUSE Bug 1015187