Updated libgd packages fix security vulnerability
Publication date: 05 Oct 2017Modification date: 05 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6362
Description
Double free vulnerability in the gdImagePngPtr function in libgd2 before
2.2.5 allows remote attackers to cause a denial of service via vectors
related to a palette with no colors. (CVE-2017-6362)
References
- https://bugs.mageia.org/show_bug.cgi?id=21659
- http://libgd.github.io/release-2.2.5.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/
- https://www.debian.org/security/2017/dsa-3961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362
SRPMS
5/core
- libgd-2.2.5-1.mga5
6/core
- libgd-2.2.5-1.mga6