Security update for gd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0316-1 Final 1 1 2018-01-31T18:35:45Z current 2018-01-31T18:35:45Z 2018-01-31T18:35:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gd This update for gd fixes one issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-01/msg00114.html E-Mail link for openSUSE-SU-2018:0316-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 gd-2.1.0-24.1 gd-32bit-2.1.0-24.1 gd-devel-2.1.0-24.1 gd-2.1.0-24.1 as a component of openSUSE Leap 42.3 gd-32bit-2.1.0-24.1 as a component of openSUSE Leap 42.3 gd-devel-2.1.0-24.1 as a component of openSUSE Leap 42.3 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. CVE-2018-5711 openSUSE Leap 42.3:gd-2.1.0-24.1 openSUSE Leap 42.3:gd-32bit-2.1.0-24.1 openSUSE Leap 42.3:gd-devel-2.1.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00114.html https://www.suse.com/security/cve/CVE-2018-5711.html CVE-2018-5711 https://bugzilla.suse.com/1076391 SUSE Bug 1076391