|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0421 (libgd)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0421: Updated libgd packages fixe security vulnerabilities 


Date:
    	      Thu, 22 Dec 2016 22:41:32 +0100


Message-ID:
    	      <20161222214132.410F29F7B8@duvel.mageia.org>


MGASA-2016-0421 - Updated libgd packages fixe security vulnerabilities

Publication date: 22 Dec 2016
URL: http://advisories.mageia.org/MGASA-2016-0421.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-6911,
     CVE-2016-8670

Description:
Ibrahim El-Sayed discovered that the GD library incorrectly handled
certain malformed Tiff images. If a user or automated system were
tricked into processing a specially crafted Tiff image, an attacker
could cause a denial of service (CVE-2016-6911).

Emmanuel Law discovered that the GD library incorrectly handled certain
strings when creating images. If a user or automated system were tricked
into processing a specially crafted image, an attacker could cause a
denial of service, or possibly execute arbitrary code (CVE-2016-8670).

References:
- https://bugs.mageia.org/show_bug.cgi?id=19594
- http://www.ubuntu.com/usn/usn-3117-1
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670

SRPMS:
- 5/core/libgd-2.2.3-1.4.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds