You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa gd

Sigurnosni nedostaci programskog paketa gd

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2016-07-24 18:38:16.634550

Name : gd
Product : Fedora 24
Version : 2.2.3
Release : 1.fc24
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.

Update Information:

**LibGD 2.2.3 release** Security related fixes: This flaw is caused by loading
data from external sources (file, custom ctx, etc) and are hard to validate
before calling libgd APIs: * fix php bug php#72339, Integer Overflow in
_gd2GetHeader (CVE-2016-5766) * bug #248, fix Out-Of-Bounds Read in
read_image_tga Using application provided parameters, in these cases invalid
data causes the issues: * Integer overflow error within
_gdContributionsAlloc() (CVE-2016-6207) * fix php bug php#72494, invalid
color index not handled, can lead to crash * improve color check for
CropThreshold Important update: * gdImageCopyResampled has been
improved. Better handling of images with alpha channel, also brings libgd in
sync with php’s bundled gd. This is a recommended update.

[ 1 ] Bug #1356486 – gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all]
[ 2 ] Bug #1356467 – CVE-2016-6214 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all]
[ 3 ] Bug #1352548 – CVE-2016-6132 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all]
[ 4 ] Bug #1351604 – CVE-2016-6128 gd: Invalid color index not properly handled [fedora-all]

This update can be installed with the “yum” update program. Use
su -c ‘yum update gd’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2016-07-0106-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa openssh

Otkriven je sigurnosni nedostatak u programskom paketu openssh za Debian. Nedostatak se očituje mogućnošću enumeriranja korisnika na sustavu s pokrenutim...