Bug 991622 - VUL-0: CVE-2016-6207: gd: Integer overflow error within _gdContributionsAlloc()
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/171232/
CVSSv2:SUSE:CVE-2016-6207:6.8:(AV:N/A...
Depends on: CVE-2016-6207
Reported: 2016-08-02 08:33 UTC by Sebastian Krahmer
Modified: 2017-05-22 14:29 UTC (History)
Found By: Security Response Team
Description Sebastian Krahmer 2016-08-02 08:33:34 UTC
+++ This bug was initially created as a clone of Bug #991434 +++

Quoting from RH BZ:

An integer overflow vulnerability was found in the _gdContributionsAlloc() function in gd_interpolation.c that can lead to an out-of-bounds write.


rh#1359800

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1359800
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6207
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6207.html
http://www.debian.org/security/2016/dsa-3630
Comment 2 Swamp Workflow Management 2016-08-08 11:45:54 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-08-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62929
Comment 3 Petr Gajdos 2016-08-08 12:47:33 UTC
affected: 13.2/gd, 12/gd
not affected: 11/gd
Comment 5 Petr Gajdos 2016-08-08 13:39:11 UTC
I believe all affected code streams are fixed.
Comment 6 Bernhard Wiedemann 2016-08-08 14:01:11 UTC
This is an autogenerated message for OBS integration:
This bug (991622) was mentioned in
https://build.opensuse.org/request/show/417845 13.2 / gd
Comment 8 Swamp Workflow Management 2016-08-19 17:11:06 UTC
openSUSE-SU-2016:2117-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987577,988032,991436,991622,991710
CVE References: CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214
Sources used:
openSUSE 13.2 (src):    gd-2.1.0-7.11.1
Comment 10 Swamp Workflow Management 2016-09-14 11:11:10 UTC
SUSE-SU-2016:2303-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-12.1
Comment 11 Swamp Workflow Management 2016-09-24 00:09:56 UTC
openSUSE-SU-2016:2363-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
openSUSE Leap 42.1 (src):    gd-2.1.0-10.1
Comment 12 Marcus Meissner 2017-05-22 14:29:54 UTC
released