Bug 1022283 - (CVE-2016-9317) VUL-0: CVE-2016-9317: php5,php53,php7,gd: DoS via oversized image
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/179221/
CVSSv2:SUSE:CVE-2016-9317:5.0:(AV:N/A...
Reported: 2017-01-27 14:32 UTC by Andreas Stieger
Modified: 2017-09-20 06:38 UTC (History)
Found By: Security Response Team
Comment 1 Swamp Workflow Management 2017-01-27 23:02:00 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2017-01-30 13:09:15 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63366
Comment 3 Swamp Workflow Management 2017-01-30 13:23:26 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63367
Comment 4 Petr Gajdos 2017-01-31 12:50:15 UTC
php bug:

https://bugs.php.net/bug.php?id=73504

I also checked our php versions, we have 

https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1

already in. Other parts of commit to master branch

https://github.com/libgd/libgd/commit/c3cf674cb444696a36f720f785878b41225af063

do not look like a fix for this bug, nor a security problem (please correct me).

php: not affected
Comment 5 Andreas Stieger 2017-01-31 12:55:19 UTC
I think that the other parts are also required, and that these were fixes in separate commits around the same problem.
Comment 6 Petr Gajdos 2017-01-31 14:27:13 UTC
(In reply to Andreas Stieger from comment #5)
> I think that the other parts are also required, and that these were fixes in
> separate commits around the same problem.

There are two other parts:


-	if (overflow2(sizeof (unsigned char *), sx)) {
+	if (overflow2(sizeof (unsigned char), sx)) {
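Review bot: the `+` line passes the element size, `sizeof (unsigned char)`, to overflow2 where the `-` line passed the pointer size, which can only loosen the limit on sx. The allocation this check guards is not visible here, and the change is right only if that buffer holds sx elements of unsigned char rather than sx pointers. A short comment next to the check naming the allocation it protects would make that reviewable.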


-	if (overflow2(sizeof(int *), sx)) {
+	if (overflow2(sizeof(int), sx)) {
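Review bot: the effect of replacing `sizeof(int *)` with `sizeof(int)` depends on the ABI. Where int and int * have the same size (typical 32-bit builds) the check is unchanged, while on 64-bit builds the limit on sx loosens. Nothing shown here exercises that difference; a test with sx between the old and new limits on a 64-bit build would confirm the relaxed check still matches the size of the buffer it protects.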

Both look like relaxing the condition at most, or am I wrong?
Comment 7 Petr Gajdos 2017-02-01 13:10:17 UTC
all gd affected
Comment 8 Andreas Stieger 2017-02-01 13:24:43 UTC
The commit message says that "overflow2(sx, sy)" is a "quick check for totally oversized images", and the others are for correctness of further overflow checks.

Since the backport into gd 2.2 is only for the former, I think this is what we'd use for backports.
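The distinction drawn in comments 6 and 8, as an added example that is not code from libgd, php or this bug report: a per-row check on sx alone accepts dimensions whose product no longer fits in an int, which is what the sx * sy check catches. `mul_overflows_int`, `max_width_admitted` and `dims_accepted` are hypothetical names, the semantics of the overflow check are an assumption modelled on the calls quoted above, and the dimensions are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Stand-in for the overflow2() calls quoted in the thread (assumed
 * semantics): non-zero when a * b cannot be represented in an int. */
static int mul_overflows_int(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;
    return a > INT_MAX / b;
}

/* Largest sx that passes mul_overflows_int(elem_size, sx). */
static int max_width_admitted(int elem_size)
{
    return INT_MAX / elem_size;
}

/* Hypothetical dimension gate. The per-row check mirrors the "+" line
 * from comment 6; the area check is the overflow2(sx, sy) "quick check"
 * from comment 8. Returns 1 when the dimensions are accepted. */
static int dims_accepted(int sx, int sy, int with_area_check)
{
    if (with_area_check && mul_overflows_int(sx, sy))
        return 0;
    if (mul_overflows_int((int)sizeof(unsigned char), sx))
        return 0;
    return 1;
}

int main(void)
{
    int sx = 65536, sy = 65536; /* constructed oversized dimensions */

    printf("max sx with sizeof(unsigned char *): %d\n",
           max_width_admitted((int)sizeof(unsigned char *)));
    printf("max sx with sizeof(unsigned char):   %d\n",
           max_width_admitted((int)sizeof(unsigned char)));
    printf("%dx%d, row check only:  %s\n", sx, sy,
           dims_accepted(sx, sy, 0) ? "accepted" : "rejected");
    printf("%dx%d, with area check: %s\n", sx, sy,
           dims_accepted(sx, sy, 1) ? "accepted" : "rejected");
    return 0;
}
```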
Comment 9 Petr Gajdos 2017-02-01 14:54:31 UTC
I believe all fixed.
Comment 11 Swamp Workflow Management 2017-02-02 16:15:37 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63376
Comment 12 Swamp Workflow Management 2017-02-14 17:08:58 UTC
SUSE-SU-2017:0459-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022264,1022265,1022283
CVE References: CVE-2016-10167,CVE-2016-10168,CVE-2016-9317
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Server 11-SP4 (src):    gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    gd-2.0.36.RC1-52.32.1
Comment 13 Swamp Workflow Management 2017-02-15 11:10:30 UTC
SUSE-SU-2017:0468-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022263,1022264,1022265,1022283,1022284,1022553
CVE References: CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-6906,CVE-2016-6912,CVE-2016-9317
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-23.1
Comment 14 Swamp Workflow Management 2017-02-22 20:32:26 UTC
openSUSE-SU-2017:0548-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022263,1022264,1022265,1022283,1022284,1022553
CVE References: CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-6906,CVE-2016-6912,CVE-2016-9317
Sources used:
openSUSE Leap 42.2 (src):    gd-2.1.0-16.1
openSUSE Leap 42.1 (src):    gd-2.1.0-19.1
Comment 15 Marcus Meissner 2017-05-22 15:35:30 UTC
released
Comment 16 Bernhard Wiedemann 2017-07-17 10:00:50 UTC
This is an autogenerated message for OBS integration:
This bug (1022283) was mentioned in
https://build.opensuse.org/request/show/510888 Factory / gd