Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in gd
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in gd
ID: FEDORA-2017-2717b02630
Distribution: Fedora
Plattformen: Fedora 24
Datum: Di, 24. Januar 2017, 07:23
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912

Originalnachricht

Name        : gd
Product : Fedora 24
Version : 2.2.4
Release : 1.fc24
URL : http://libgd.github.io/
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

-------------------------------------------------------------------------------
-
Update Information:

## Version 2.2.4 - 2017-01-18 ### Security - gdImageCreate() doesn't
check for
oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
- double-free in gdImageWebPtr() (CVE-2016-6912) - potential unsigned underflow
in gd_interpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx() ###
Fixed - Fix #354: Signed Integer Overflow gd_io.c - Fix #340: System frozen -
Fix OOB reads of the TGA decompression buffer - Fix DOS vulnerability in
gdImageCreateFromGd2Ctx() - Fix potential unsigned underflow - Fix double-free
in gdImageWebPtr() - Fix invalid read in gdImageCreateFromTiffPtr() - Fix OOB
reads of the TGA decompression buffer - Fix #68: gif: buffer underflow reported
by AddressSanitizer - Avoid potentially dangerous signed to unsigned conversion
- Fix #304: test suite failure in gif/bug00006 [2.2.3] - Fix #329:
GD_BILINEAR_FIXED gdImageScale() can cause black border - Fix #330: Integer
overflow in gdImageScaleBilinearPalette() - Fix 321: Null pointer dereferences
in gdImageRotateInterpolated - Fix whitespace and add missing comment block -
Fix #319: gdImageRotateInterpolated can have wrong background color - Fix color
quantization documentation - Fix #309: gdImageGd2() writes wrong chunk sizes on
boundaries - Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag - Fix
#300: gdImageClone() assigns res_y = res_x - Fix #299: Regression regarding
gdImageRectangle() with gdImageSetThickness() - Replace GNU old-style field
designators with C89 compatible initializers - Fix #297: gdImageCrop() converts
palette image to truecolor image - Fix #290: TGA RLE decoding is broken - Fix
unnecessary non NULL checks - Fix #289: Passing unrecognized formats to
gdImageGd2 results in corrupted files - Fix #280: gdImageWebpEx()
`quantization`
parameter is a misnomer - Publish all gdImageCreateFromWebp*() functions and
gdImageWebpCtx() - Fix issue #276: Sometimes pixels are missing when storing
images as BMPs - Fix issue #275: gdImageBmpCtx() may segfault for non-seekable
contexts - Fix copy&paste error in gdImageScaleBicubicFixed() ### Added -
More
documentation - Documentation on GD and GD2 formats - More tests
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade gd' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung