UbuntuUpdates.org

Package "libgd2"

Name: libgd2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GD command line tools and example code

Latest version: 2.1.1-4ubuntu0.16.04.12
Release: xenial (16.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "libgd2": https://www.ubuntuupdates.org/libgd2



Other versions of "libgd2" in Xenial

Repository Area Version
base universe 2.1.1-4build2
base main 2.1.1-4build2
security main 2.1.1-4ubuntu0.16.04.12
updates main 2.1.1-4ubuntu0.16.04.12
updates universe 2.1.1-4ubuntu0.16.04.12

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.1-4ubuntu0.16.04.12 2020-04-02 23:07:11 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553
  * SECURITY UPDATE: possible read of uninitialized variable in
    gdImageCreateFromXbm()
    - debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
      input in src/gd_xbm.c.
    - debian/patches/CVE-2019-11038-test.patch: add a test for
      CVE-2019-11038.patch.
    - debian/patches/CVE-2019-11038-test-functions.patch: add functions for
      CVE-2019-11038-test.patch.
    - CVE-2019-11038

 -- Avital Ostromich <email address hidden> Thu, 26 Mar 2020 13:51:51 -0400

Source diff to previous version
CVE-2018-14553 gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific functi
CVE-2019-11038 When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x be

Version: 2.1.1-4ubuntu0.16.04.11 2019-03-02 16:06:50 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden> Wed, 27 Feb 2019 14:35:55 -0500

Source diff to previous version
CVE-2019-6977 gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x
CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is un

Version: 2.1.1-4ubuntu0.16.04.10 2018-08-27 16:07:04 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Aug 2018 12:13:57 -0300

Source diff to previous version
CVE-2018-1000222 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This atta
CVE-2018-5711 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, h

Version: 2.1.1-4ubuntu0.16.04.8 2017-09-05 17:06:43 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in src/gd_png.c also
      adds tests in tests/png/CMakeLists.txt, tests/Makemodule.am,
      tests/png/bug00381_1.c, tests/png/bug00381_2.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Sep 2017 17:23:24 -0300

Source diff to previous version

Version: 2.1.1-4ubuntu0.16.04.7 2017-08-14 19:06:39 UTC

  libgd2 (2.1.1-4ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: memory read vulnerability in GIF
    - debian/patches/CVE-2017-7890.patch: zeroing buffers to avoid
      information leak and adding test in src/gd_gif_in.c,
      tests/gif/CMakeLists.txt, tests/MakeModule.am,
      tests/gif/uninitialized_memory_read.c,
      tests/gif/unitialized_memory_read.gif.
    - CVE-2017-7890

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 10 Aug 2017 15:59:01 -0300




About   -   Send Feedback to @ubuntu_updates