Updated libgd packages fix security vulnerability
Publication date: 20 Feb 2017
Modification date: 20 Feb 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9317, CVE-2016-6912, CVE-2016-10166, CVE-2016-10167, CVE-2016-10168
Description
- Out-of-bounds (OOB) reads of the TGA decompression buffer (CVE-2016-6906).
- Double-free in gdImageWebPtr() (CVE-2016-6912).
- gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities (CVE-2016-9317).
- Potential unsigned underflow in gd_interpolation.c (CVE-2016-10166).
- DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167).
- Signed integer overflow in gd_io.c (CVE-2016-10168).
References
- https://bugs.mageia.org/show_bug.cgi?id=20171
- https://github.com/libgd/libgd/releases/tag/gd-2.2.4
- http://openwall.com/lists/oss-security/2017/01/26/1
- http://openwall.com/lists/oss-security/2017/01/28/6
- https://www.debian.org/security/2017/dsa-3777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
SRPMS
5/core
- libgd-2.2.4-1.1.mga5