Bugzilla – Bug 1005274
VUL-0: CVE-2016-6911: php5, php7, php53, gd: Check for out-of-bound read in dynamicGetbuf()
Last modified: 2017-09-20 06:38:00 UTC
Created attachment 697849: Patch for CVE-2016-6911
CVE-2016-6911
dynamicGetbuf() doesn't check for out-of-bound reads and returns wrong return code.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6911
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6911.html
bugbot adjusting priority
All versions of gd are affected; 11/gd and 10sp3/gd do not have the tiff coder, though.
This is an autogenerated message for OBS integration: This bug (1005274) was mentioned in https://build.opensuse.org/request/show/436506 13.2 / gd
All versions of php-gd need the gd_io_dp.c checks. Packages submitted.
This is an autogenerated message for OBS integration: This bug (1005274) was mentioned in https://build.opensuse.org/request/show/436512 13.2 / php5
openSUSE-SU-2016:2606-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: openSUSE 13.2 (src): php5-5.6.1-83.1
SUSE-SU-2016:2668-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): gd-2.1.0-17.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): gd-2.1.0-17.1 SUSE Linux Enterprise Server 12-SP1 (src): gd-2.1.0-17.1 SUSE Linux Enterprise Desktop 12-SP1 (src): gd-2.1.0-17.1
SUSE-SU-2016:2670-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-8670 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gd-2.0.36.RC1-52.25.1 SUSE Linux Enterprise Server 11-SP4 (src): gd-2.0.36.RC1-52.25.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): gd-2.0.36.RC1-52.25.1
SUSE-SU-2016:2681-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-8670 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): php53-5.3.17-87.1 SUSE Linux Enterprise Server 11-SP4 (src): php53-5.3.17-87.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-87.1
SUSE-SU-2016:2683-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php7-7.0.7-20.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-20.1
Did not find a php bug / reproducer after a bit of googling. QA: NO REPRODUCER
SUSE-SU-2016:2683-2: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-20.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-11-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63166
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-11-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63168
SUSE-SU-2016:2766-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php5-5.5.14-83.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-83.1
openSUSE-SU-2016:2772-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: openSUSE Leap 42.1 (src): gd-2.1.0-13.1
released
openSUSE-SU-2016:2831-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: openSUSE Leap 42.1 (src): php5-5.5.14-65.2
openSUSE-SU-2016:2837-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1001900,1004924,1005274 CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670 Sources used: openSUSE Leap 42.2 (src): php5-5.5.14-65.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2017-02-13. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63366
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2017-02-13. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63367