[ALSA-2020:4659] Moderate: gd security update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fix(es): * gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977) * gd: NULL pointer dereference in gdImageClone (CVE-2018-14553) * gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 gd-2.2.5-7.el8.aarch64.rpm 6fd636508eee6b5a3ca9a9793c662242c7c952a5ef0b06204dc07972abfbec79
aarch64 gd-devel-2.2.5-7.el8.aarch64.rpm 7951fffa5bf341bea7cd44637a5c1154ca89c5f67693587da53e85798217182a
i686 gd-devel-2.2.5-7.el8.i686.rpm 04229bdf149d2467ec8e2cf2032f5120957b7f805aca4c99788cd0cf8fc7a019
i686 gd-2.2.5-7.el8.i686.rpm da6b77f0140a9c2d8b2a835954c1d50a7a7017a6ccf68d75ee056835cbb611dc
ppc64le gd-devel-2.2.5-7.el8.ppc64le.rpm 2bdabf0efae2d133eb0313f08188e71af2acb0131d68bc741e259169205ea401
ppc64le gd-2.2.5-7.el8.ppc64le.rpm ce27e20da08d5dfe18ded15d62662becf4d7f33053dab4ceca9ba68f20569e4a
x86_64 gd-devel-2.2.5-7.el8.x86_64.rpm 71bb05f9296f6ff5851b69fa7f6f99e4cd722bf4f1078fb42a6ebfb14d8e7aa9
x86_64 gd-2.2.5-7.el8.x86_64.rpm d41ea3d83f961db23c9976dc8bc937723ea43710e97cf1adc679733699f4c478
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.