Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: 2020:14309-1 Moderate: GD Buffer Over-Read and Free Issues

suse
Calendar Grey March 9, 2020
Dist Suse Esm H88
SUSE has released a security patch for gd addressing multiple vulnerabilities such as buffer overflow and potential data exposure. More information is available here.
An update that fixes three vulnerabilities is now available

Summary

This update for gd fixes the following issues: Security vulnerability addressed: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2019-6978: Fixed a double free in the GD graphics library (bsc#1123522). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gd-14309=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): gd-debuginfo-2.0.36.RC1-52.33.12.1 gd-debugsource-2.0.36.RC1-52.33.12.1

References

#1050241 #1123522 #1140120

Cross- CVE-2017-7890 CVE-2019-11038 CVE-2019-6978

Affected Products:

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-7890.html

https://www.suse.com/security/cve/CVE-2019-11038.html

https://www.suse.com/security/cve/CVE-2019-6978.html

https://bugzilla.suse.com/1050241

https://bugzilla.suse.com/1123522

https://bugzilla.suse.com/1140120

Announcement ID: SUSE-SU-2020:14309-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here