UbuntuUpdates.org

Package "libgd2"

Name: libgd2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • GD command line tools and example code

Latest version: 2.1.0-3ubuntu0.11
Release: trusty (14.04)
Level: updates
Repository: universe

Other versions of "libgd2" in Trusty

Repository Area Version
base main 2.1.0-3
security main 2.1.0-3ubuntu0.11
security universe 2.1.0-3ubuntu0.11
updates main 2.1.0-3ubuntu0.11

Changelog

Version: 2.1.0-3ubuntu0.11 2019-02-28 16:06:52 UTC

  libgd2 (2.1.0-3ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden> Wed, 27 Feb 2019 14:42:23 -0500

CVE-2019-6977 gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x
CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is un

Version: 2.1.0-3ubuntu0.10 2018-08-27 16:06:59 UTC

  libgd2 (2.1.0-3ubuntu0.10) trusty-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Aug 2018 10:51:28 -0300

CVE-2018-1000222 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution. This atta
CVE-2018-5711 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, h

Version: 2.1.0-3ubuntu0.8 2017-09-05 18:06:39 UTC

  libgd2 (2.1.0-3ubuntu0.8) trusty-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in src/gd_png.c also
      adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am,
      tests/png/bug00381_1.c, tests/png/bug00381_2.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Sep 2017 18:55:20 -0300

Version: 2.1.0-3ubuntu0.7 2017-08-14 19:06:37 UTC

  libgd2 (2.1.0-3ubuntu0.7) trusty-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak and adding test in src/gd_gif_in.c,
      tests/gif/CMakeLists.txt, tests/MakeModule.am,
      tests/gif/uninitialized_memory_read.c,
      tests/gif/unitialized_memory_read.gif.
    - CVE-2017-7890

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Aug 2017 19:17:28 -0300

Version: 2.1.0-3ubuntu0.6 2017-02-28 20:07:18 UTC

  libgd2 (2.1.0-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: potential unsigned underflow
    - debian/patches/CVE-2016-10166.patch: refactor loop in
      src/gd_interpolation.c.
    - CVE-2016-10166
  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: OOB reads of the TGA decompression buffer
    - debian/patches/CVE-2016-6906-pre1.patch: fix Coverity warning in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-1.patch: check for overflow in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-2.patch: add another overflow check in
      src/gd_tga.c.
    - CVE-2016-6906
  * SECURITY UPDATE: double-free in gdImageWebPtr()
    - debian/patches/CVE-2016-6912.patch: add helper function to indicate
      failure in src/gd_webp.c.
    - CVE-2016-6912
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      src/gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in
      src/gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden> Tue, 28 Feb 2017 10:37:45 -0500

CVE-2016-6906 OOB reads of the TGA decompression buffer
CVE-2016-6912 Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecifi
CVE-2016-9317 The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via
CVE-2016-9933 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP befor


