标签： gd

大嘎好，半吊子运维又出现了。

登录阿里云发现一个新的安全警告。

中危 PHP ‘_gd2GetHeader()’函数整数溢出漏洞 存在EXP 拒绝服务

漏洞描述

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。 PHP的‘_gd2GetHeader()’函数中存在整数溢出漏洞，攻击者可利用该漏洞造成堆缓冲区溢出。

基本信息

• CVE编号: CVE-2016-5766
• 漏洞类型: 拒绝服务,缓冲区溢出
• 危险等级: 中危
• 披露时间: 未知

修复建议

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：
https://bugs.php.net/bug.php?id=72339

参考链接

• http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1
• http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
• http://php.net/ChangeLog-5.php
• http://php.net/ChangeLog-7.php
• http://www.debian.org/security/2016/dsa-3619
• http://www.openwall.com/lists/oss-security/2016/06/23/4
• http://www.ubuntu.com/usn/USN-3030-1
• https://bugs.php.net/bug.php?id=72339
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
• https://libgd.github.io/release-2.2.3.html

稍微看了一下，登录到服务器，进行更新

#yum update gd
Loaded plugins: fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile

• base: mirrors.163.com
• epel: mirror.sjtu.edu.cn
• extras: mirrors.163.com
• remi-safe: mirrors.tuna.tsinghua.edu.cn
• updates: mirrors.aliyun.com
  Resolving Dependencies
  –> Running transaction check
  —> Package gd.x86_64 0:2.0.35-26.el7 will be updated
  —> Package gd.x86_64 0:2.0.35-27.el7_9 will be an update
  –> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package Arch Version Repository Size

Updating:
gd x86_64 2.0.35-27.el7_9 updates 146 k

Transaction Summary

Upgrade 1 Package

Total download size: 146 k

Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
gd-2.0.35-27.el7_9.x86_64.rpm | 146 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : gd-2.0.35-27.el7_9.x86_64 1/2
Cleanup : gd-2.0.35-26.el7.x86_64 2/2
Verifying : gd-2.0.35-27.el7_9.x86_64 1/2
Verifying : gd-2.0.35-26.el7.x86_64 2/2

Updated:
gd.x86_64 0:2.0.35-27.el7_9

Complete!

保险起见，重启一下，正好现在没有人用

#reboot

然后登录应用系统，貌似一切正常哦。

打完，收工。