Bug 1022264 (CVE-2016-10167) - VUL-1: CVE-2016-10167: gd,php5,php53,php7: DOS vulnerability in gdImageCreateFromGd2Ctx()
Summary: VUL-1: CVE-2016-10167: gd,php5,php53,php7: DOS vulnerability in gdImageCreate...
Status: RESOLVED FIXED
Alias: CVE-2016-10167
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Deadline: 2017-02-16
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:63366:moderate CVSSv2:S...
Keywords:
Depends on: 1022069
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-27 12:56 UTC by Andreas Stieger
Modified: 2017-09-19 22:37 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
ext_gd_tests_bug73868.gd2 (1.03 KB, application/octet-stream)
2017-02-14 09:03 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-27 12:56:44 UTC 
+++ This bug was initially created as a clone of Bug #1022069 +++

Ref: http://seclists.org/oss-sec/2017/q1/202
===============================================

2/ Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Commit: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
Comment 1 Swamp Workflow Management 2017-01-27 23:01:28 UTC 
bugbot adjusting priority
Comment 2 Andreas Stieger 2017-01-30 12:23:09 UTC 
Seems to affect all packages
Comment 3 Swamp Workflow Management 2017-01-30 13:08:45 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63366
Comment 4 Swamp Workflow Management 2017-01-30 13:24:15 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63367
Comment 6 Petr Gajdos 2017-01-31 12:22:41 UTC 
For the testcase from php commit:

BEFORE

$ php test.php
resource(5) of type (gd)
$

AFTER

$ php test.php
PHP Warning:  imagecreatefromgd2(): gd2: EOF while reading
 in /022264/test.php on line 2
PHP Warning:  imagecreatefromgd2(): '/022264/bug73868.gd2' is not a valid GD2 file in /022264/test.php on line 2
bool(false)
$
Comment 8 Petr Gajdos 2017-02-01 14:53:39 UTC 
I believe all fixed.
Comment 10 Swamp Workflow Management 2017-02-02 16:16:06 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63376
Comment 11 Marcus Meissner 2017-02-14 09:03:48 UTC 
Created attachment 713956 [details]
ext_gd_tests_bug73868.gd2

QA REPRODUCER (for gd):

gd2togif ext_gd_tests_bug73868.gd2 foo.gif

should report 
GD Warning: gd2: EOF while reading
Input is not in GD2 format!
Comment 12 Swamp Workflow Management 2017-02-14 17:08:38 UTC 
SUSE-SU-2017:0459-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022264,1022265,1022283
CVE References: CVE-2016-10167,CVE-2016-10168,CVE-2016-9317
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Server 11-SP4 (src):    gd-2.0.36.RC1-52.32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    gd-2.0.36.RC1-52.32.1
Comment 13 Swamp Workflow Management 2017-02-15 11:10:10 UTC 
SUSE-SU-2017:0468-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022263,1022264,1022265,1022283,1022284,1022553
CVE References: CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-6906,CVE-2016-6912,CVE-2016-9317
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-23.1
Comment 15 Swamp Workflow Management 2017-02-22 14:10:17 UTC 
SUSE-SU-2017:0534-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1008026,1019547,1019550,1019568,1019570,1022219,1022255,1022257,1022260,1022262,1022263,1022264,1022265
CVE References: CVE-2016-10158,CVE-2016-10159,CVE-2016-10160,CVE-2016-10161,CVE-2016-10162,CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-7478,CVE-2016-7479,CVE-2016-7480,CVE-2016-9138,CVE-2017-5340
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php7-7.0.7-35.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php7-7.0.7-35.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-35.1
Comment 16 Swamp Workflow Management 2017-02-22 20:32:06 UTC 
openSUSE-SU-2017:0548-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022263,1022264,1022265,1022283,1022284,1022553
CVE References: CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-6906,CVE-2016-6912,CVE-2016-9317
Sources used:
openSUSE Leap 42.2 (src):    gd-2.1.0-16.1
openSUSE Leap 42.1 (src):    gd-2.1.0-19.1
Comment 17 Swamp Workflow Management 2017-02-23 14:09:24 UTC 
SUSE-SU-2017:0556-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1019550,1022219,1022255,1022257,1022260,1022263,1022264,1022265
CVE References: CVE-2016-10158,CVE-2016-10159,CVE-2016-10160,CVE-2016-10161,CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-7478
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php5-5.5.14-96.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-96.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-96.1
Comment 18 Swamp Workflow Management 2017-02-27 17:09:57 UTC 
SUSE-SU-2017:0568-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1019550,1022219,1022255,1022257,1022260,1022263,1022264,1022265
CVE References: CVE-2016-10158,CVE-2016-10159,CVE-2016-10160,CVE-2016-10161,CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-7478
Sources used:
SUSE OpenStack Cloud 5 (src):    php53-5.3.17-101.1
SUSE Manager Proxy 2.1 (src):    php53-5.3.17-101.1
SUSE Manager 2.1 (src):    php53-5.3.17-101.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-101.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-101.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    php53-5.3.17-101.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    php53-5.3.17-101.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-101.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    php53-5.3.17-101.1
Comment 19 Swamp Workflow Management 2017-03-02 14:14:04 UTC 
openSUSE-SU-2017:0588-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1008026,1019547,1019550,1019568,1019570,1022219,1022255,1022257,1022260,1022262,1022263,1022264,1022265
CVE References: CVE-2016-10158,CVE-2016-10159,CVE-2016-10160,CVE-2016-10161,CVE-2016-10162,CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-7478,CVE-2016-7479,CVE-2016-7480,CVE-2016-9138,CVE-2017-5340
Sources used:
openSUSE Leap 42.2 (src):    php7-7.0.7-12.1
Comment 21 Marcus Meissner 2017-05-22 15:34:53 UTC 
released
Comment 22 Bernhard Wiedemann 2017-07-17 10:00:39 UTC 
This is an autogenerated message for OBS integration:
This bug (1022264) was mentioned in
https://build.opensuse.org/request/show/510888 Factory / gd