UbuntuUpdates.org

Package "libgd2"

Name: libgd2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Debug symbols for GD Graphics Library
  • GD Graphics Library (development version)
  • GD Graphics Library

Latest version: 2.1.1-4ubuntu0.16.04.12
Release: xenial (16.04)
Level: security
Repository: main

Links



Other versions of "libgd2" in Xenial

Repository Area Version
base universe 2.1.1-4build2
base main 2.1.1-4build2
security universe 2.1.1-4ubuntu0.16.04.12
updates main 2.1.1-4ubuntu0.16.04.12
updates universe 2.1.1-4ubuntu0.16.04.12

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.1-4ubuntu0.16.04.6 2017-02-28 20:07:21 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: potential unsigned underflow
    - debian/patches/CVE-2016-10166.patch: refactor loop in
      src/gd_interpolation.c.
    - CVE-2016-10166
  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: OOB reads of the TGA decompression buffer
    - debian/patches/CVE-2016-6906-pre1.patch: fix coverty warning in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-1.patch: check for overflow in
      src/gd_tga.c.
    - debian/patches/CVE-2016-6906-2.patch: add another overflow check in
      src/gd_tga.c.
    - CVE-2016-6906
  * SECURITY UPDATE: double-free in gdImageWebPtr()
    - debian/patches/CVE-2016-6912.patch: add helper function to indicate
      failure in src/gd_webp.c.
    - CVE-2016-6912
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      src/gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in
      src/gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden> Tue, 28 Feb 2017 10:29:32 -0500

Source diff to previous version
CVE-2016-1016 Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 o
CVE-2016-6906 OOB reads of the TGA decompression buffer
CVE-2016-6912 Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecifi
CVE-2016-9317 The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via
CVE-2016-9933 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP befor

Version: 2.1.1-4ubuntu0.16.04.5 2016-11-01 18:06:50 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 14:16:31 +0200

Source diff to previous version
CVE-2016-6911 invalid read in gdImageCreateFromTiffPtr()
CVE-2015-7568 RESERVED
CVE-2016-7568 Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, all
CVE-2016-8670 Stack Buffer Overflow in GD dynamicGetbuf

Version: 2.1.1-4ubuntu0.16.04.3 2016-08-10 18:06:50 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

 -- Marc Deslauriers <email address hidden> Tue, 09 Aug 2016 09:38:28 -0400

Source diff to previous version
CVE-2016-6132 read out-of-bands was found in the parsing of TGA files
CVE-2016-6214 read out-of-bounds issue

Version: 2.1.1-4ubuntu0.16.04.2 2016-07-11 18:07:05 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: stack overflow with large names
    - debian/patches/CVE-2016-5116.patch: properly handle names in
      src/gd_xbm.c.
    - CVE-2016-5116
  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
      tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      src/gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden> Fri, 08 Jul 2016 14:22:56 -0400

Source diff to previous version
CVE-2016-5116 xbm: avoid stack overflow (read) with large names
CVE-2016-5766 Integer Overflow in _gd2GetHeader() resulting in heap overflow
CVE-2016-6128 Invalid color index is not properly handled leading to denial of service

Version: 2.1.1-4ubuntu0.16.04.1 2016-05-31 16:06:57 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
      src/gd_interpolation.c.
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      src/gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden> Thu, 26 May 2016 09:22:19 -0400

CVE-2015-8874 Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2015-8877 The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses incons
CVE-2016-3074 Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potential



About   -   Send Feedback to @ubuntu_updates