Debian alert DLA-1106-1 (libgd2)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1106-1] libgd2 security update | |
| Date: | Fri, 22 Sep 2017 18:26:23 +0200 | |
| Message-ID: | <73a33385-d5ce-2110-997c-b0523baec34b@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libgd2 Version : 2.0.36~rc1~dfsg-6.1+deb7u10 CVE ID : CVE-2017-6362 A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed. For Debian 7 "Wheezy", these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u10. We recommend that you upgrade your libgd2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlnFOaoACgkQnUbEiOQ2 gwIRjA//eq8NJlb7k37ZdvANbkLxYmxE1UjEr0qcWSJfdzNfYddZDlWRUGOp82G6 8J+/mFaFcflUPBbGSbbbjTUUR+1M5MV14SV58D81I9NT0Scdo2tLjTwpnevbCrhp XyqtnPsd2sbMNl5zsO5a7cZSuw2JilXkG8SHahCc0LY0/OleiqmmLunGBsnwG9Jc KXWqdS8J1PjRSXiXZqbJQEy15jd32WOSwCzSTl3JvZmvA9hv1GqFUyvJ4KmfZH9M 6g8Aj810M+FY2IM1TrefdEliGc7RKkWJTtB+chxg19ZBPlo5fceU2XpqqJDZc9Co ADzPbJrwaENk3a1M2rpA4VylJm1kZuDY97OqCMe+NSRk5HrB9MDgI0WNFaQhKAJl FIhWAyeG4nFY/v5WQM3nhgp9aQ09Y5xlaOCBFMTbEyke6yVUZGUcylGZ4FU2e95X iKZaba9KS9Vt4YF1MBVrP2hixmIzIyavACTfYvN18TK6EWDAoU1OBoLzfPGxfGac 9ln0vXTIIOrCaDMu7sahcoULWGNH6/ZSIeaE8ADrhaWu6hvGEwQgHXzGyBFkho42 Ntex8zGKQWRGCUnXJNMg9pzK+P20ZNt4v+rNnWHhYHNWOTlfI7pnzw6rool+2/N5 VuiW9gdGShNFNLrGWw/E+vb9H28ZWs831yxWPVeICKS8r72dfxU= =mA3t -----END PGP SIGNATURE-----