Security update for gd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0006-1 Final 1 1 2017-01-02T08:13:15Z current 2017-01-02T08:13:15Z 2017-01-02T08:13:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gd This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html E-Mail link for openSUSE-SU-2017:0006-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 gd-2.1.0-13.1 gd-32bit-2.1.0-13.1 gd-devel-2.1.0-13.1 gd-2.1.0-13.1 as a component of openSUSE Leap 42.1 gd-32bit-2.1.0-13.1 as a component of openSUSE Leap 42.1 gd-devel-2.1.0-13.1 as a component of openSUSE Leap 42.1 gd-2.1.0-13.1 as a component of openSUSE Leap 42.2 gd-32bit-2.1.0-13.1 as a component of openSUSE Leap 42.2 gd-devel-2.1.0-13.1 as a component of openSUSE Leap 42.2 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. CVE-2016-9933 openSUSE Leap 42.1:gd-2.1.0-13.1 openSUSE Leap 42.1:gd-32bit-2.1.0-13.1 openSUSE Leap 42.1:gd-devel-2.1.0-13.1 openSUSE Leap 42.2:gd-2.1.0-13.1 openSUSE Leap 42.2:gd-32bit-2.1.0-13.1 openSUSE Leap 42.2:gd-devel-2.1.0-13.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html https://www.suse.com/security/cve/CVE-2016-9933.html CVE-2016-9933 https://bugzilla.suse.com/1015187 SUSE Bug 1015187