Mageia Advisory: MGASA-2016-0242 - Updated libgd packages fix security vulnerability

Updated libgd packages fix security vulnerability

Publication date: 05 Jul 2016
Modification date: 05 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8874 , CVE-2016-5766 , CVE-2016-5767 , CVE-2016-6128

Description

Stack overflow with imagefilltoborder (CVE-2015-8874).

Integer Overflow in _gd2GetHeader() resulting in heap overflow
(CVE-2016-5766).

Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
(CVE-2016-5767).

Improperly handling invalid color index in gdImageCropThreshold() could
result in denial of service (CVE-2016-6128).

References

https://bugs.mageia.org/show_bug.cgi?id=18805
https://github.com/libgd/libgd/releases/tag/gd-2.2.2
http://php.net/ChangeLog-5.php#5.6.23
http://openwall.com/lists/oss-security/2016/06/30/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128

SRPMS

5/core

libgd-2.2.2-1.1.mga5

Advisories » MGASA-2016-0242

Updated libgd packages fix security vulnerability

Description

References

SRPMS

5/core