Bugzilla – Bug 995034
VUL-0: CVE-2016-6905: gd: Out-of-bounds read in function read_image_tga in gd_tga.c
Last modified: 2017-05-22 15:34:36 UTC
rh#1356485 https://github.com/libgd/libgd/issues/248 https://github.com/libgd/libgd/pull/251 https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186 https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03 not a duplicate of issue #247 Use CVE-2016-6905. References: https://bugzilla.redhat.com/show_bug.cgi?id=1356485 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6905 http://seclists.org/oss-sec/2016/q3/363
as far as I see our sle11 gd does not have TGA support. sle12 and opensuse affected. embedded libgd in php* is older, seems not to contain TGA support.
(In reply to Marcus Meissner from comment #1) > as far as I see our sle11 gd does not have TGA support. > > sle12 and opensuse affected. Yes. > embedded libgd in php* is older, seems not to contain TGA support. Yes (even for php7).
This is an autogenerated message for OBS integration: This bug (995034) was mentioned in https://build.opensuse.org/request/show/421247 Factory / gd
Guys, I am little bit confused. We have three bugs in regard of gd tga support): bug 987577 (CVE-2016-6132) bug 991436 (CVE-2016-6214) this bug 995034 (CVE-2016-6905) It seems that I failed to find correct commits for them. I will write down what I think now which commits are assigned to each bug/CVE, please confirm I am correct. (A) bug 987577 (CVE-2016-6132) https://github.com/libgd/libgd/commit/921e590565deb033acafcfa9063b4563200b14b5 referenced from https://github.com/libgd/libgd/issues/247 (B) bug 991436 (CVE-2016-6214) https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7 referenced from https://github.com/libgd/libgd/issues/247 and http://seclists.org/oss-sec/2016/q3/62 (C) bug 995034 (CVE-2016-6905) https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186 https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03 referenced from https://github.com/libgd/libgd/issues/248 Am I now correct? Currently we have these commits from (C) assigned to CVE-2016-6214 and the commit from (B) assigned to CVE-2016-6132, if I am still not completely lost.
Okay, thanks. See new submissions for sle12 and 13.2.
This is an autogenerated message for OBS integration: This bug (995034) was mentioned in https://build.opensuse.org/request/show/421269 Factory / gd https://build.opensuse.org/request/show/421283 13.2 / gd
bugbot adjusting priority
openSUSE-SU-2016:2203-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 995034 CVE References: CVE-2016-6905 Sources used: openSUSE 13.2 (src): gd-2.1.0-7.14.1
Requests got accepted.
SUSE-SU-2016:2303-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 982176,987577,988032,991436,991622,991710,995034 CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): gd-2.1.0-12.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): gd-2.1.0-12.1 SUSE Linux Enterprise Server 12-SP1 (src): gd-2.1.0-12.1 SUSE Linux Enterprise Desktop 12-SP1 (src): gd-2.1.0-12.1
openSUSE-SU-2016:2363-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 982176,987577,988032,991436,991622,991710,995034 CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905 Sources used: openSUSE Leap 42.1 (src): gd-2.1.0-10.1
released