SUSE-SU-2020:0623-1

Details

Description of the patch:

This update for gd fixes the following issues:

CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241).
CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471).
CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120).

Affected Packages

gd

SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

2.1.0-24.17.1

gd-32bit

SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Workstation Extension 12 SP4SUSE Linux Enterprise Workstation Extension 12 SP5

Fixed in:

2.1.0-24.17.1

gd-devel

SUSE Linux Enterprise Software Development Kit 12 SP4SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

2.1.0-24.17.1

References

ADVISORY