SUSE-SU-2016:2303-1
Vulnerability Summary
Description
Security update for gd

This update for gd fixes the following issues:

- CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436]
- CVE-2016-6132: Out-of-bounds read was found in the parsing of TGA files using libgd [bsc#987577]
- CVE-2016-6128: Invalid color index not properly handled [bsc#991710]
- CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622]
- CVE-2016-6161: Global out-of-bounds read when encoding GIF from malformed input with gd2togif [bsc#988032]
- CVE-2016-5116: Avoid stack overflow (read) with large names [bsc#982176]
- CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034]
Affected Systems
- gd (suse) on SUSE Linux Enterprise Desktop 12 SP1: < 2.1.0-12.1
- gd (suse) on SUSE Linux Enterprise Server 12 SP1: < 2.1.0-12.1
- gd (suse) on SUSE Linux Enterprise Server for SAP Applications 12 SP1: < 2.1.0-12.1
- gd (suse) on SUSE Linux Enterprise Software Development Kit 12 SP1: < 2.1.0-12.1
- gd (suse) on SUSE Linux Enterprise Workstation Extension 12 SP1: < 2.1.0-12.1
References (15)
- https://www.suse.com/support/update/announcement/2016/suse-su-20162303-1/
- https://bugzilla.suse.com/982176
- https://bugzilla.suse.com/987577
- https://bugzilla.suse.com/988032
- https://bugzilla.suse.com/991436
- https://bugzilla.suse.com/991622
- https://bugzilla.suse.com/991710
- https://bugzilla.suse.com/995034
- https://www.suse.com/security/cve/CVE-2016-5116
- https://www.suse.com/security/cve/CVE-2016-6128
- https://www.suse.com/security/cve/CVE-2016-6132
- https://www.suse.com/security/cve/CVE-2016-6161
- https://www.suse.com/security/cve/CVE-2016-6207
- https://www.suse.com/security/cve/CVE-2016-6214
- https://www.suse.com/security/cve/CVE-2016-6905