UbuntuUpdates.org

Package "libgd2"

Name: libgd2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • GD Graphics Library (development version)
  • GD Graphics Library

Latest version: 2.2.5-4ubuntu0.4
Release: bionic (18.04)
Level: updates
Repository: main

Other versions of "libgd2" in Bionic

Repository Area Version
base main 2.2.5-4
base universe 2.2.5-4
security universe 2.2.5-4ubuntu0.4
security main 2.2.5-4ubuntu0.4
updates universe 2.2.5-4ubuntu0.4

Changelog

Version: 2.2.5-4ubuntu0.4 2020-04-02 23:07:15 UTC

  libgd2 (2.2.5-4ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553
  * SECURITY UPDATE: possible read of uninitialized variable in
    gdImageCreateFromXbm()
    - debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
      input in src/gd_xbm.c.
    - debian/patches/CVE-2019-11038-test.patch: add a test for
      CVE-2019-11038.patch
    - CVE-2019-11038

 -- Avital Ostromich <email address hidden> Mon, 09 Mar 2020 14:43:33 -0400

CVE-2018-14553 gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific functi
CVE-2019-11038 When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x be

Version: 2.2.5-4ubuntu0.3 2019-02-28 16:06:55 UTC

  libgd2 (2.2.5-4ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/Makemodule.am,
      tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden> Wed, 27 Feb 2019 14:31:55 -0500

CVE-2019-6977 gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x
CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is un

Version: 2.2.5-4ubuntu0.2 2018-08-27 16:07:06 UTC

  libgd2 (2.2.5-4ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Aug 2018 12:15:43 -0300

CVE-2018-1000222 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This atta
CVE-2018-5711 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, h


