1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3751-1] libgd2 security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Jan 1 18:20:01 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3751-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 01, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libgd2
    CVE ID : CVE-2016-9933
    Debian Bug : 849038

    A stack overflow vulnerability was discovered within the
    gdImageFillToBorder function in libgd2, a library for programmatic
    graphics creation and manipulation, triggered when invalid colors are
    used with truecolor images. A remote attacker can take advantage of this
    flaw to cause a denial-of-service against an application using the
    libgd2 library.

    For the stable distribution (jessie), this problem has been fixed in
    version 2.1.0-5+deb8u8.

    For the testing distribution (stretch), this problem has been fixed
    in version 2.2.2-29-g3c2b605-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 2.2.2-29-g3c2b605-1.

    We recommend that you upgrade your libgd2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhpNeBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rvjw/9ERJvLtD/x0p4jEP6p3iUkPyDig0xVZLuAtcHcHKWb+HdNf3W3iOCp3Qz H/ybWGxno3lDBFTzjaqFq9RUf1+SanbqHfEnQ22UQuKhXgiLaxDXKoIKBgUrcvl0 zdVvH+SHon5f17vUOKzWR9GVV+Aqwe6B461uS/BRA8UsaxiViBndGd1YLd3y17g4 hHWICoRSxEwm5NjWsFXQQRfuDuEp4MwSv5a71WPZ0s9EjlbvMCFIYcwaFhFDF3de UjeeWk2nwZY+z4nZD6G1PKrdCNs3JiA5pfswM3hEsdyd9xq0uNUXkFYv/V9kPCHy s5JVT5qnCGI6UNkWQk50I8GN0hV4+b8o2h9q5XCxwhPXRby6N3qkcq5ZyiW9jjr/ CVf6nVMkWHfDDAsFFSE5taUpwSPCYzb7GPK648X2qODlIg+7uOMCZBDs1t3yAWdU RyRjVLSXcvfy7TeDriFcOlqgsMMAclowQYYO4PINtV3yKMBcl8dqzbVQBAu5Z5Bx 820rvTA15JOM0GIkOATFJUhX1PzxcrvGAP458yCCbzap9PHVcYLvTiaW5Y/zFiqU WhS1YnKtJfe/YQ+T99+VXQgFAvdL0+wN6R7sTYWl/m/c5WUk4jXFkEkneweoGKUe SEPsD57Cljauai/rAhD7i4L6YQJYt0jvnu2wffQ6mTPPDcFEZtU=
    =CDTq
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)