Updated php and libgd packages fix security vulnerabilities
Publication date: 07 Aug 2017Modification date: 07 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7890 , CVE-2017-9224 , CVE-2017-9226 , CVE-2017-9227 , CVE-2017-9228 , CVE-2017-9229
Description
Buffer over-read into uninitialized memory in libgd (CVE-2017-7890).
Security issues from bundled oniguruma in php-mbstring (CVE-2017-9224,
CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229).
References
- https://bugs.mageia.org/show_bug.cgi?id=21316
- http://php.net/ChangeLog-5.php#5.6.31
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229
SRPMS
5/core
- libgd-2.2.4-1.2.mga5
- php-5.6.31-1.mga5
6/core
- libgd-2.2.4-3.1.mga6
- php-5.6.31-1.mga6