SB2018012006 - Infinite loop in php5 (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2018-5711)

The vulnerability exists  in PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=3deb517cec296a32e5b25f1a75a48c2026a44af4
• https://git.alpinelinux.org/aports/commit/?id=aad758e364da9a69d0d519b619cc6eb2c7d150f8
• https://git.alpinelinux.org/aports/commit/?id=0a3f40e0ea5d2b68f902eb4528b17327939ee400
• https://git.alpinelinux.org/aports/commit/?id=2af60a5c6e7e457381ff31c346871e7c51812cfa
• https://git.alpinelinux.org/aports/commit/?id=34bc5f16da72bed7c42423c3cfe3cc93fc529c46
• https://git.alpinelinux.org/aports/commit/?id=451ff1929d8530ffbceb863acaeb212e545c3080
• https://git.alpinelinux.org/aports/commit/?id=478332a5a162445bc68e54ef4138ae2a6af382d8
• https://git.alpinelinux.org/aports/commit/?id=4a7ccf578f5caf82b4c9120ac266ff49f245549a
• https://git.alpinelinux.org/aports/commit/?id=51a3714b5e5cf29bd19d94539add9f98b4a86572
• https://git.alpinelinux.org/aports/commit/?id=3836f8ef34d4289d53a268aa6da65cee41c80976
• https://git.alpinelinux.org/aports/commit/?id=e98955a2f39f18ae1b42e7fd84f8bbcd4d533690
• https://git.alpinelinux.org/aports/commit/?id=c85efb30e1a0fd2e5950c1d99484261caa16779c
• https://git.alpinelinux.org/aports/commit/?id=f72329a49b77be5d910dd4f7e923ea3d0fda939b
• https://git.alpinelinux.org/aports/commit/?id=39dff559c574e02ce16541bd4875f79ebe1d9e1c
• https://git.alpinelinux.org/aports/commit/?id=5e4dbc0d75238b02e3ad3bd55b5ac3a8b74bab3a