FEDORA-2016-615f3bf06e created by remi 3 years ago for Fedora 24
stable

LibGD 2.2.3 release

Security related fixes: This flaw is caused by loading data from external sources (file, custom ctx, etc) and are hard to validate before calling libgd APIs:

  • fix php bug #72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
  • bug #248, fix Out-Of-Bounds Read in read_image_tga

Using application provided parameters, in these cases invalid data causes the issues:

  • Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
  • fix php bug #72494, invalid color index not handled, can lead to crash
  • improve color check for CropThreshold

Important update:

  • gdImageCopyResampled has been improved. Better handling of images with alpha channel, also brings libgd in sync with php's bundled gd.

This is a recommended update.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-615f3bf06e

This update has been submitted for testing by remi.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me

User Icon heikoada commented & provided feedback 3 years ago
karma

LGTM

This update has been submitted for stable by bodhi.

3 years ago
User Icon hreindl commented & provided feedback 3 years ago
karma

works for me

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1351604 CVE-2016-6128 gd: Invalid color index not properly handled [fedora-all]
0
0
BZ#1352548 CVE-2016-6132 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all]
0
0
BZ#1356467 CVE-2016-6214 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all]
0
0
BZ#1356486 gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all]
0
0

Automated Test Results