--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-2717b02630
2017-01-23 23:54:30.270365
--------------------------------------------------------------------------------

Name        : gd
Product     : Fedora 24
Version     : 2.2.4
Release     : 1.fc24
URL         : https://libgd.github.io/
Summary     : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

--------------------------------------------------------------------------------
Update Information:

## Version 2.2.4 - 2017-01-18  ### Security  - gdImageCreate() doesn't check for
oversized images and as such is   prone to DoS vulnerabilities. (CVE-2016-9317)
- double-free in gdImageWebPtr() (CVE-2016-6912) - potential unsigned underflow
in gd_interpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx()  ###
Fixed  - Fix #354: Signed Integer Overflow gd_io.c - Fix #340: System frozen -
Fix OOB reads of the TGA decompression buffer - Fix DOS vulnerability in
gdImageCreateFromGd2Ctx() - Fix potential unsigned underflow - Fix double-free
in gdImageWebPtr() - Fix invalid read in gdImageCreateFromTiffPtr() - Fix OOB
reads of the TGA decompression buffer - Fix #68: gif: buffer underflow reported
by AddressSanitizer - Avoid potentially dangerous signed to unsigned conversion
- Fix #304: test suite failure in gif/bug00006 [2.2.3] - Fix #329:
GD_BILINEAR_FIXED gdImageScale() can cause black border - Fix #330: Integer
overflow in gdImageScaleBilinearPalette() - Fix 321: Null pointer dereferences
in gdImageRotateInterpolated - Fix whitespace and add missing comment block -
Fix #319: gdImageRotateInterpolated can have wrong background color - Fix color
quantization documentation - Fix #309: gdImageGd2() writes wrong chunk sizes on
boundaries - Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag - Fix
#300: gdImageClone() assigns res_y = res_x - Fix #299: Regression regarding
gdImageRectangle() with gdImageSetThickness() - Replace GNU old-style field
designators with C89 compatible initializers - Fix #297: gdImageCrop() converts
palette image to truecolor image - Fix #290: TGA RLE decoding is broken - Fix
unnecessary non NULL checks - Fix #289: Passing unrecognized formats to
gdImageGd2 results in corrupted files - Fix #280: gdImageWebpEx() `quantization`
parameter is a misnomer - Publish all gdImageCreateFromWebp*() functions and
gdImageWebpCtx() - Fix issue #276: Sometimes pixels are missing when storing
images as BMPs - Fix issue #275: gdImageBmpCtx() may segfault for non-seekable
contexts - Fix copy&paste error in gdImageScaleBicubicFixed()  ### Added  - More
documentation - Documentation on GD and GD2 formats - More tests
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade gd' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 24: gd Security Update 2017-2717b02630

January 24, 2017
## Version 2.2.4 - 2017-01-18 ### Security - gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities

Summary

The gd graphics library allows your code to quickly draw images

complete with lines, arcs, text, multiple colors, cut and paste from

other images, and flood fills, and to write out the result as a PNG or

JPEG file. This is particularly useful in Web applications, where PNG

and JPEG are two of the formats accepted for inline images by most

browsers. Note that gd is not a paint program.

Update Information:

## Version 2.2.4 - 2017-01-18 ### Security - gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) - double-free in gdImageWebPtr() (CVE-2016-6912) - potential unsigned underflow in gd_interpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx() ### Fixed - Fix #354: Signed Integer Overflow gd_io.c - Fix #340: System frozen - Fix OOB reads of the TGA decompression buffer - Fix DOS vulnerability in gdImageCreateFromGd2Ctx() - Fix potential unsigned underflow - Fix double-free in gdImageWebPtr() - Fix invalid read in gdImageCreateFromTiffPtr() - Fix OOB reads of the TGA decompression buffer - Fix #68: gif: buffer underflow reported by AddressSanitizer - Avoid potentially dangerous signed to unsigned conversion - Fix #304: test suite failure in gif/bug00006 [2.2.3] - Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border - Fix #330: Integer overflow in gdImageScaleBilinearPalette() - Fix 321: Null pointer dereferences in gdImageRotateInterpolated - Fix whitespace and add missing comment block - Fix #319: gdImageRotateInterpolated can have wrong background color - Fix color quantization documentation - Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries - Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag - Fix #300: gdImageClone() assigns res_y = res_x - Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness() - Replace GNU old-style field designators with C89 compatible initializers - Fix #297: gdImageCrop() converts palette image to truecolor image - Fix #290: TGA RLE decoding is broken - Fix unnecessary non NULL checks - Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files - Fix #280: gdImageWebpEx() `quantization` parameter is a misnomer - Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx() - Fix issue #276: Sometimes pixels are missing when storing images as BMPs - Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts - Fix copy&paste error in gdImageScaleBicubicFixed() ### Added - More documentation - Documentation on GD and GD2 formats - More tests

Change Log

References

Fedora Update Notification FEDORA-2017-2717b02630 2017-01-23 23:54:30.270365 Name : gd Product : Fedora 24 Version : 2.2.4 Release : 1.fc24 URL : https://libgd.github.io/ Summary : A graphics library for quick creation of PNG or JPEG images Description : The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : gd
Product : Fedora 24
Version : 2.2.4
Release : 1.fc24
URL : https://libgd.github.io/
Summary : A graphics library for quick creation of PNG or JPEG images

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved