A flaw was found in libgd in PHP that affects all versions. An infinite loop in the GD GIF core parsing function results in a denial of service and exhausts server resources.
References:
http://php.net/ChangeLog-5.php#5.6.33
https://bugs.php.net/bug.php?id=75571
Patch:
https://bugs.php.net/patch-display.php?bug=75571&patch=fix-75571&revision=1511981663
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1535247]
This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Via RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296
PHP upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=8d6e9588671136837533fe3785657c31c5b52767
libgd upstream merge request and commit:
https://github.com/libgd/libgd/issues/420
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-5711