Mageia alert MGASA-2014-0288 (gd)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2014-0288: Updated gd and libgd packages fix security vulnerability 
Date:
    	     
 
Wed, 9 Jul 2014 00:45:07 +0200
Message-ID:
    	     
 
<20140708224507.C659E5AFCB@valstar.mageia.org>
MGASA-2014-0288 - Updated gd and libgd packages fix security vulnerability

Publication date: 08 Jul 2014
URL: http://advisories.mageia.org/MGASA-2014-0288.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-2497

Description:
The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows
remote attackers to cause a denial of service (NULL pointer dereference and
application crash) via a crafted color table in an XPM file (CVE-2014-2497).

References:
- https://bugs.mageia.org/show_bug.cgi?id=13021
- http://lists.opensuse.org/opensuse-updates/2014-06/msg000...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497

SRPMS:
- 4/core/libgd-2.1.0-3.1.mga4
- 3/core/gd-2.0.35-20.1.mga3