Name : gd Product : Fedora 24 Version : 2.2.3 Release : 1.fc24 URL : http://libgd.github.io/ Summary : A graphics library for quick creation of PNG or JPEG images Description : The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program.
------------------------------------------------------------------------------- - Update Information:
**LibGD 2.2.3 release** Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs: * fix php bug php#72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766) * bug #248, fix Out-Of-Bounds Read in read_image_tga Using application provided parameters, in these cases invalid data causes the issues: * Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207) * fix php bug php#72494, invalid color index not handled, can lead to crash * improve color check for CropThreshold Important update: * gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd. This is a recommended update. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1356486 - gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1356486 [ 2 ] Bug #1356467 - CVE-2016-6214 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1356467 [ 3 ] Bug #1352548 - CVE-2016-6132 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1352548 [ 4 ] Bug #1351604 - CVE-2016-6128 gd: Invalid color index not properly handled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1351604 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update gd' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
|