|
|
Log in / Subscribe / Register

Mageia alert MGASA-2017-0246 (php, libgd)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0246: Updated php and libgd packages fix security vulnerabilities 


Date:
    	      Tue, 8 Aug 2017 00:17:00 +0200


Message-ID:
    	      <20170807221700.E000E9F877@duvel.mageia.org>


MGASA-2017-0246 - Updated php and libgd packages fix security vulnerabilities

Publication date: 07 Aug 2017
URL: http://advisories.mageia.org/MGASA-2017-0246.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-7890,
     CVE-2017-9224,
     CVE-2017-9226,
     CVE-2017-9227,
     CVE-2017-9228,
     CVE-2017-9229

Description:
Buffer over-read into uninitialized memory in libgd (CVE-2017-7890).

Security issues from bundled oniguruma in php-mbstring (CVE-2017-9224,
CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21316
- http://php.net/ChangeLog-5.php#5.6.31
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229

SRPMS:
- 6/core/libgd-2.2.4-3.1.mga6
- 6/core/php-5.6.31-1.mga6
- 5/core/libgd-2.2.4-1.2.mga5
- 5/core/php-5.6.31-1.mga5
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds