Sicherheit: Mehrere Probleme in gd

Lesezeichen hinzufügen

Name : gd
Product : Fedora 24
Version : 2.2.3
Release : 1.fc24
URL : http://libgd.github.io/
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

-------------------------------------------------------------------------------
-
Update Information:

**LibGD 2.2.3 release** Security related fixes: This flaw is caused by loading
data from external sources (file, custom ctx, etc) and are hard to validate
before calling libgd APIs: * fix php bug php#72339, Integer Overflow in
_gd2GetHeader (CVE-2016-5766) * bug #248, fix Out-Of-Bounds Read in
read_image_tga Using application provided parameters, in these cases invalid
data causes the issues: * Integer overflow error within
_gdContributionsAlloc() (CVE-2016-6207) * fix php bug php#72494, invalid
color index not handled, can lead to crash * improve color check for
CropThreshold Important update: * gdImageCopyResampled has been
improved. Better handling of images with alpha channel, also brings libgd in
sync with php's bundled gd. This is a recommended update.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1356486 - gd: Out-of-bounds read in function read_image_tga in
gd_tga.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1356486
[ 2 ] Bug #1356467 - CVE-2016-6214 gd: Buffer over-read issue when parsing
crafted TGA file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1356467
[ 3 ] Bug #1352548 - CVE-2016-6132 gd: Buffer over-read issue when parsing
crafted TGA file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1352548
[ 4 ] Bug #1351604 - CVE-2016-6128 gd: Invalid color index not properly
handled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1351604
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update gd' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org