
[SECURITY] [DLA 563-1] libgd2 security update




Package        : libgd2
Version        : 2.0.36~rc1~dfsg-6.1+deb7u5
CVE ID         : CVE-2016-6161

A global out-of-bounds read was found in libgd2 when encoding a GIF from
malformed input.

When given invalid inputs, we might be fed the EOF marker before it is
actually the EOF.  The gif logic assumes once it sees the EOF marker,
there won't be any more data, so it leaves the cur_bits index possibly
negative.  So when we get more data, we underflow the masks array.

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.36~rc1~dfsg-6.1+deb7u5.

We recommend that you upgrade your libgd2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
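
The state problem described above (the EOF flush leaving cur_bits negative, then more data indexing masks), as an added example that is not part of the advisory and not libgd's source. It is a simplified model: apart from cur_bits and masks, all names are hypothetical, the input is constructed, and the guard shown is one possible check rather than the fix that was shipped.

```c
#include <stdio.h>

/* Simplified model of a GIF/LZW bit accumulator; hypothetical names except
 * cur_bits and masks, which the advisory mentions. Emitted bytes are dropped. */
static const unsigned long masks[] = {
    0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F, 0x003F, 0x007F, 0x00FF,
    0x01FF, 0x03FF, 0x07FF, 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF
};
#define MASK_COUNT ((int)(sizeof masks / sizeof masks[0]))

struct bitbuf { unsigned long accum; int cur_bits; int n_bits; int finished; };

/* EOF flush: drains whole bytes, so a partial byte leaves cur_bits below 0. */
static void flush_at_eof(struct bitbuf *b) {
    while (b->cur_bits > 0) {
        b->accum >>= 8;
        b->cur_bits -= 8;
    }
}

/* Checked output step: 0 on success, -1 if the state must not index masks. */
static int output_checked(struct bitbuf *b, unsigned code, int is_eof) {
    if (b->finished)
        return -1;                       /* data arrived after the EOF marker */
    if (b->cur_bits < 0 || b->cur_bits >= MASK_COUNT)
        return -1;                       /* index would fall outside masks[] */
    b->accum &= masks[b->cur_bits];
    b->accum |= (unsigned long)code << b->cur_bits;
    b->cur_bits += b->n_bits;
    while (b->cur_bits >= 8) {           /* a byte would be written out here */
        b->accum >>= 8;
        b->cur_bits -= 8;
    }
    if (is_eof) {
        flush_at_eof(b);
        b->finished = 1;
    }
    return 0;
}

int main(void) {
    struct bitbuf b = { 0, 0, 9, 0 };    /* constructed state: 9-bit codes */
    output_checked(&b, 0x101, 0);
    output_checked(&b, 0x102, 1);        /* premature EOF marker */
    printf("cur_bits after EOF: %d\n", b.cur_bits);
    printf("next code accepted: %s\n", output_checked(&b, 0x103, 0) ? "no" : "yes");
    return 0;
}
```

Both guards reject the post-EOF call on their own: the finished flag catches re-entry, and the range check catches any negative or oversized cur_bits regardless of how the state was reached.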

