[v2.7] php: remote DoS (CVE-2013-7327)
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.
•CONFIRM: http://git.php.net/?p=php-src.git;a=commit;h=8f4a5373bb71590352fd934028d6dde5bc18530b
•CONFIRM: https://bugs.php.net/bug.php?id=66356
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1065108
•UBUNTU:USN-2126-1
•URL: http://www.ubuntu.com/usn/USN-2126-1
(from redmine: issue id 2790, created on 2014-03-27, closed on 2014-04-17)
- Changesets:
- Revision 0e71c2e4 by Natanael Copa on 2014-04-17T09:43:41Z:
main/php: security upgrade to 5.5.11 (CVE-2013-7327)
fixes #2790
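
The bug class named in the CVE description (a crop routine that returns NULL for invalid arguments, and a caller that uses the result without checking it), shown as an added C example. This is not PHP's or libgd's code: `image`, `rect`, `crop` and both callers are hypothetical, simplified stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for an image and a crop rectangle. */
typedef struct { int sx, sy; unsigned char *px; } image;
typedef struct { int x, y, width, height; } rect;

/* Returns a new image, or NULL if the rectangle is invalid or malloc fails. */
image *crop(const image *src, const rect *r)
{
    if (!src || !r || r->x < 0 || r->y < 0 || r->width <= 0 || r->height <= 0)
        return NULL;
    if (r->x >= src->sx || r->y >= src->sy ||
        r->width > src->sx - r->x || r->height > src->sy - r->y)
        return NULL;                       /* rectangle leaves the source */
    image *dst = malloc(sizeof *dst);
    if (!dst) return NULL;
    dst->px = malloc((size_t)r->width * (size_t)r->height);
    if (!dst->px) { free(dst); return NULL; }
    dst->sx = r->width; dst->sy = r->height;
    for (int row = 0; row < r->height; row++)
        memcpy(dst->px + (size_t)row * r->width,
               src->px + (size_t)(r->y + row) * src->sx + r->x,
               (size_t)r->width);
    return dst;
}

/* Unchecked caller: uses the result without testing it (the bug class). */
int cropped_width_unchecked(const image *src, const rect *r)
{
    image *c = crop(src, r);
    int w = c->sx;                         /* NULL dereference if crop failed */
    free(c->px); free(c);
    return w;
}

/* Checked caller: a failed crop becomes an error return, not a crash. */
int cropped_width_checked(const image *src, const rect *r)
{
    image *c = crop(src, r);
    if (c == NULL) return -1;
    int w = c->sx;
    free(c->px); free(c);
    return w;
}
```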