Mageia 6: MGASA-2018-0367 Moderate: libgd Remote Code Execution
mageia
September 2, 2018
The updated packages fix security vulnerabilities: gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and ...
Summary
The updated packages fix security vulnerabilities:
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before
5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1,
has an integer signedness error that leads to an infinite loop via a
crafted GIF file, as demonstrated by a call to the imagecreatefromgif or
imagecreatefromstring PHP function. This is related to GetCode_ and
gdImageCreateFromGifCtx (CVE-2018-5711).
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in
gdImageBmpPtr Function that can result in Remote Code Execution . This
attack appear to be exploitable via Specially Crafted Jpeg Image can
trigger double free (CVE-2018-1000222).
References
- https://bugs.mageia.org/show_bug.cgi?id=23496
- https://ubuntu.com/security/notices/USN-3755-1
- https://www.cve.org/CVERecord?id=CVE-2018-5711
- https://www.cve.org/CVERecord?id=CVE-2018-1000222
Resolution
SRPMS
- 6/core/libgd-2.2.5-2.1.mga6
PREVIOUS
NEXT
Publication date: 02 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0367.html
Type: security
CVE: CVE-2018-5711,
CVE-2018-1000222
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!