Updated libgd packages fix security vulnerability
Publication date: 26 Jul 2016
Modification date: 26 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-6132, CVE-2016-6207, CVE-2016-6214
Description
Updated libgd packages fix security vulnerabilities:

An out-of-bounds read was found in the parsing of TGA files when the header reports an incorrect size (CVE-2016-6132), an invalid bpp (CVE-2016-6214) or RLE value (upstream issue 248).

An integer overflow error was found in _gdContributionsAlloc() (CVE-2016-6207).

A regression in the previous update that caused some packages to fail to build against libgd has also been fixed (mga#18947).
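The kind of checks these bug classes call for, shown as an added example (not libgd's code and not the upstream fix): header fields are validated against the real buffer length, RLE packets are bounded on both input and output, and size arithmetic is overflow-checked. It assumes colour-map-free true-colour TGA (image types 2 and 10) at 24 or 32 bpp; `tga_validate` and `mul_ok` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

enum { TGA_OK = 0, TGA_TRUNCATED = -1, TGA_INVALID = -2, TGA_OVERFLOW = -3 };

/* Overflow-checked multiply: the guard an allocation-size computation needs. */
static int mul_ok(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Validate a TGA buffer before any pixel is read. On TGA_OK, *need holds the
 * decoded image size in bytes. */
int tga_validate(const unsigned char *buf, size_t len, size_t *need) {
    if (len < 18) return TGA_TRUNCATED;              /* fixed 18-byte header */
    unsigned id_len = buf[0], type = buf[2], bpp = buf[16];
    size_t w = buf[12] | (size_t)buf[13] << 8;       /* little-endian 16-bit */
    size_t h = buf[14] | (size_t)buf[15] << 8;
    if (buf[1] != 0) return TGA_INVALID;             /* assumption: no colour map */
    if (type != 2 && type != 10) return TGA_INVALID; /* assumption: true-colour only */
    if (bpp != 24 && bpp != 32) return TGA_INVALID;  /* reject unexpected bpp */
    if (w == 0 || h == 0) return TGA_INVALID;
    size_t px = bpp / 8, pixels, off = 18 + (size_t)id_len;
    if (!mul_ok(w, h, &pixels) || !mul_ok(pixels, px, need)) return TGA_OVERFLOW;
    if (off > len) return TGA_TRUNCATED;
    if (type == 2)                                   /* raw: size known up front */
        return (len - off >= *need) ? TGA_OK : TGA_TRUNCATED;
    /* RLE: walk every packet, bounding input offset and output pixel count. */
    size_t done = 0;
    while (done < pixels) {
        if (off >= len) return TGA_TRUNCATED;
        size_t count = (size_t)(buf[off] & 0x7f) + 1;
        size_t body = (buf[off] & 0x80) ? px : count * px; /* run vs. raw packet */
        off++;
        if (count > pixels - done) return TGA_INVALID;     /* packet overruns image */
        if (body > len - off) return TGA_TRUNCATED;        /* packet overruns input */
        off += body;
        done += count;
    }
    return TGA_OK;
}
```
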
References
- https://bugs.mageia.org/show_bug.cgi?id=18938
- https://bugs.mageia.org/show_bug.cgi?id=18947
- http://openwall.com/lists/oss-security/2016/06/30/10
- http://openwall.com/lists/oss-security/2016/07/13/12
- http://openwall.com/lists/oss-security/2016/07/12/4
- https://bugs.php.net/bug.php?id=72558
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214
SRPMS
5/core
- libgd-2.2.3-1.1.mga5