Advisories » MGASA-2016-0421

Updated libgd packages fixe security vulnerabilities

Publication date: 22 Dec 2016
Modification date: 22 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6911 , CVE-2016-8670

Description

Ibrahim El-Sayed discovered that the GD library incorrectly handled
certain malformed Tiff images. If a user or automated system were
tricked into processing a specially crafted Tiff image, an attacker
could cause a denial of service (CVE-2016-6911).

Emmanuel Law discovered that the GD library incorrectly handled certain
strings when creating images. If a user or automated system were tricked
into processing a specially crafted image, an attacker could cause a
denial of service, or possibly execute arbitrary code (CVE-2016-8670).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19594
• http://www.ubuntu.com/usn/usn-3117-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670

SRPMS

5/core

• libgd-2.2.3-1.4.mga5