drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in gd
Name: |
Mehrere Probleme in gd |
|
ID: |
FEDORA-2016-e45a7e7b13 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 24 |
|
Datum: |
Sa, 17. Dezember 2016, 00:01 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670 |
|
Applikationen: |
gd |
|
Originalnachricht |
Name : gd Product : Fedora 24 Version : 2.2.3 Release : 5.fc24 URL : http://libgd.github.io/ Summary : A graphics library for quick creation of PNG or JPEG images Description : The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program.
------------------------------------------------------------------------------- - Update Information:
- Security fix for CVE-2016-8670 - Security fix for CVE-2016-6911 - Security fix for CVE-2016-7568 - For Fedora 26 disabled two tests - they are failing because of freetype 2.7 (https://github.com/libgd/libgd/issues/302, https://github.com/libgd/libgd/issues/217) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1380450 - CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx https://bugzilla.redhat.com/show_bug.cgi?id=1380450 [ 2 ] Bug #1388787 - CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf() https://bugzilla.redhat.com/show_bug.cgi?id=1388787 [ 3 ] Bug #1391068 - CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf https://bugzilla.redhat.com/show_bug.cgi?id=1391068 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|