advisories/26306.adv

type: security
subject: Updated libgd packages fix security vulnerability
CVE:
 - CVE-2019-11038
src:
  7:
   core:
     - libgd-2.2.5-5.2.mga7
description: |
  The updated packages fix a security vulnerability:

  When using the gdImageCreateFromXbm() function in the GD Graphics Library
  (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x
  below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to
  supply data that will cause the function to use the value of uninitialized
  variable. This may lead to disclosing contents of the stack that has been
  left there by previous code. (CVE-2019-11038)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=26306
 - http://lists.suse.com/pipermail/sle-security-updates/2020-March/006579.html
ID: MGASA-2020-0134
1	type: security
2	subject: Updated libgd packages fix security vulnerability
3	CVE:
4	- CVE-2019-11038
5	src:
6	7:
7	core:
8	- libgd-2.2.5-5.2.mga7
9	description: \|
10	The updated packages fix a security vulnerability:
11
12	When using the gdImageCreateFromXbm() function in the GD Graphics Library
13	(aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x
14	below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to
15	supply data that will cause the function to use the value of uninitialized
16	variable. This may lead to disclosing contents of the stack that has been
17	left there by previous code. (CVE-2019-11038)
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=26306
20	- http://lists.suse.com/pipermail/sle-security-updates/2020-March/006579.html
21	ID: MGASA-2020-0134