Debian-LTS has issued an advisory on May 19:
http://lwn.net/Alerts/688192/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libgd packages fix security vulnerability:

It was discovered that there was a stack consumption vulnerability in the libgd2 graphics library which allowed remote attackers to cause a denial of service via a crafted imagefilltoborder() call (CVE-2015-8874).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874
http://lwn.net/Alerts/688192/
========================

Updated packages in core/updates_testing:
========================
libgd3-2.1.1-1.2.mga5
libgd-devel-2.1.1-1.2.mga5
libgd-static-devel-2.1.1-1.2.mga5
gd-utils-2.1.1-1.2.mga5

from libgd-2.1.1-1.2.mga5.src.rpm

Unfortunately this was missed when we updated to PHP 5.6.12.

From the upstream PHP bug:
https://bugs.php.net/bug.php?id=66387

PoC is:
<?php
$im = imagecreatetruecolor(20, 20);
$c = imagecolorallocate($im, 255, 0, 0);
imagefilltoborder($im, 0, -999355, $c, $c);
?>

save that as foo.php and run "php foo.php" and you get a segfault.
Whiteboard: (none) => has_procedure
Mageia 5 i586, after the update, no segfault.
Whiteboard: has_procedure => has_procedure MGA5-32-OK
Tested mga5 64

Validating
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure advisory mga5-64-ok MGA5-32-OK
CC: (none) => sysadmin-bugs
Had just done the x64 test... To confirm Claire's findings.

Testing M5 x64

@David: Thanks for the neat test in Comment 1.

BEFORE update:
lib64gd3-2.1.1-1.1.mga5
gd-utils-2.1.1-1.1.mga5

$ php foo.php
Segmentation fault

AFTER update:
lib64gd3-2.1.1-1.2.mga5
gd-utils-2.1.1-1.2.mga5

$ php foo.php
$

So the update is fine.
CC: (none) => lewyssmith
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0203.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED