Bugzilla – Bug 1190400
VUL-0: CVE-2021-40812: php7,php74,gd,php72,php53,php5: out-of-bounds read in GD library
Last modified: 2022-06-07 11:59:45 UTC
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812
https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
https://github.com/libgd/libgd/issues/750#issuecomment-914872385
Affected packages:

gd:

- SUSE:SLE-12:Update/gd 2.1.0
- SUSE:SLE-15:Update/gd 2.2.5
- SUSE:SLE-15-SP2:Update/gd 2.2.5
- openSUSE:Factory/gd 2.3.2

php:

- SUSE:SLE-12:Update/php7 7.0.7
- SUSE:SLE-12:Update/php72 7.2.5
- SUSE:SLE-12:Update/php74 7.4.6
- SUSE:SLE-15-SP2:Update/php7 7.4.6
- SUSE:SLE-15:Update/php7 7.2.5
- openSUSE:Factory/php7 7.4.23

Also all the php5/php53/older gd packages should be affected (only for the GIF part, see below).

Upstream released a partial fix for this, valid only for BMP and WebP [0]. There isn't a fix for GIF at the moment, and it seems it will require ABI/API breaks [1].

[0] https://github.com/libgd/libgd/pull/755
[1] https://github.com/libgd/libgd/issues/757
> gd:
>
> - SUSE:SLE-12:Update/gd 2.1.0

submitted

> - SUSE:SLE-15:Update/gd 2.2.5

submitted

> - SUSE:SLE-15-SP2:Update/gd 2.2.5

submitted

> - openSUSE:Factory/gd 2.3.2

version updated to 2.3.3

> php:
>
> - SUSE:SLE-12:Update/php7 7.0.7

According to this: https://confluence.suse.com/display/SLE/PHP it is no longer supported.

> - SUSE:SLE-12:Update/php72 7.2.5

Links to system library, no need to fix in php.

> - SUSE:SLE-12:Update/php74 7.4.6

Links to system library, no need to fix in php.

> - SUSE:SLE-15-SP2:Update/php7 7.4.6

Links to system library, no need to fix in php.

> - SUSE:SLE-15:Update/php7 7.2.5

Links to system library, no need to fix in php.

> - openSUSE:Factory/php7 7.4.23

Both php7 and php8 link to system library, no need to fix in php.

> Also all the php5/php53/older gd packages should be affected (only for the
> GIF part, see below).

Agreed. PHP uses its own copy of libgd. And yes, 11/gd will have to be fixed.
Summary:

bmp, webp part: submitted to TW/gd, 15sp2/gd, 15/gd, 12/gd => fixed everywhere

gif part: missing in TW/gd, 15sp2/gd, 15/gd, 12/gd, 11/gd, 11sp3/php53, 11/php5

I believe the bmp, webp part is fixed.
This is an autogenerated message for OBS integration:
This bug (1190400) was mentioned in
https://build.opensuse.org/request/show/918865 Factory / gd
Reassign back because of gif part.
SUSE-SU-2021:3214-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1190400
CVE References: CVE-2021-40812
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): gd-2.1.0-24.20.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): gd-2.1.0-24.20.1
SUSE Linux Enterprise Server 12-SP5 (src): gd-2.1.0-24.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3236-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1190400
CVE References: CVE-2021-40812
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): gd-2.2.5-11.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): gd-2.2.5-11.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): gd-2.2.5-11.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): gd-2.2.5-11.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): gd-2.2.5-11.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): gd-2.2.5-11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3236-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1190400
CVE References: CVE-2021-40812
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): gd-2.2.5-11.3.1
GIF part upstream issue
https://github.com/libgd/libgd/issues/757
No progress so far.
(In reply to Petr Gajdos from comment #10)
> GIF part upstream issue
> https://github.com/libgd/libgd/issues/757
> No progress so far.

Still, no progress.